[20573] in bugtraq
Re: Advisory for Spynet Chat
daemon@ATHENA.MIT.EDU (Amaury Jacquot)
Tue May 8 16:37:19 2001
MIME-Version: 1.0
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 8bit
Message-ID: <989348481.3af842810c850@www.esitcom.org>
Date: Tue, 8 May 2001 21:01:21 +0200
Reply-To: Amaury Jacquot <sxpert@WWW.ESITCOM.ORG>
From: Amaury Jacquot <sxpert@WWW.ESITCOM.ORG>
X-To: neme-dhc@HUSHMAIL.COM
To: BUGTRAQ@SECURITYFOCUS.COM
In-Reply-To: <200105072333.QAA21771@user7.hushmail.com>
Quoting neme-dhc@HUSHMAIL.COM:
> [ Advisory for Spynet Chat ]
> [ Spynet Chat is made by Spytech ]
> [ Site: http://www.spytech-web.com ]
> [ by nemesystm of the DHC ]
> [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
> [ ADV-0120 ]
>
> /-|=[explanation]=|-\
> Spynet Chat is a chat server. It suffers from a
> denial of service.
>
> /-|=[who is vulnerable]=|-\
> Spynet Chat 6.5
> has been tested and was vulnerable. Prior versions
> are assumed to be vulnerable as well.
>
> /-|=[testing it]=|-\
> By opening up roughly 100 sockets in Perl and then
> using the normal Spynet Client to connect the
> server crashes with:
> S65server has caused an error in <unknown>.
> S65server will now close.
if this is on windows 95/98/ME, this is a known limitation in
windows that cannot accomodate more than 100 opened sockets at
the same time (thus gives random errors in application programs)
Amaury
> I have made a perl script that exploits this. It is
> in the advisory that is available on the DHC site.
> http://www.emc2k.com/dhcorp/homebrew/scs.zip
>
> /-|=[fix]=|-\
> None known at the moment.
> Free, encrypted, secure Web-based email at www.hushmail.com
Raph
Ingenieur en position du lotus
12 rue de la lumiere blanche
92130 Issy les Bouddhas
