[20571] in bugtraq
Advisory for Spynet Chat
daemon@ATHENA.MIT.EDU (neme-dhc@HUSHMAIL.COM)
Tue May 8 11:58:12 2001
Content-type: multipart/mixed;
boundary="Hushpart_boundary_yXYcnOIDucrsDolydYfywlcNulAGLcVt"
Mime-version: 1.0
Message-ID: <200105072333.QAA21771@user7.hushmail.com>
Date: Mon, 7 May 2001 19:36:05 -0500
Reply-To: neme-dhc@HUSHMAIL.COM
From: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
--Hushpart_boundary_yXYcnOIDucrsDolydYfywlcNulAGLcVt
Content-type: text/plain
[ Advisory for Spynet Chat ]
[ Spynet Chat is made by Spytech ]
[ Site: http://www.spytech-web.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
[ ADV-0120 ]
/-|=[explanation]=|-\
Spynet Chat is a chat server. It suffers from a
denial of service.
/-|=[who is vulnerable]=|-\
Spynet Chat 6.5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.
/-|=[testing it]=|-\
By opening up roughly 100 sockets in Perl and then
using the normal Spynet Client to connect the
server crashes with:
S65server has caused an error in <unknown>.
S65server will now close.
I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/scs.zip
/-|=[fix]=|-\
None known at the moment.
Free, encrypted, secure Web-based email at www.hushmail.com
--Hushpart_boundary_yXYcnOIDucrsDolydYfywlcNulAGLcVt--
