Bugtraq mailing list archives
Re: Advisory for Spynet Chat
From: Amaury Jacquot <sxpert () WWW ESITCOM ORG>
Date: Tue, 8 May 2001 21:01:21 +0200
Quoting neme-dhc () HUSHMAIL COM:
[ Advisory for Spynet Chat ] [ Spynet Chat is made by Spytech ] [ Site: http://www.spytech-web.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ] [ ADV-0120 ] /-|=[explanation]=|-\ Spynet Chat is a chat server. It suffers from a denial of service. /-|=[who is vulnerable]=|-\ Spynet Chat 6.5 has been tested and was vulnerable. Prior versions are assumed to be vulnerable as well. /-|=[testing it]=|-\ By opening up roughly 100 sockets in Perl and then using the normal Spynet Client to connect the server crashes with: S65server has caused an error in <unknown>. S65server will now close.
if this is on windows 95/98/ME, this is a known limitation in windows that cannot accomodate more than 100 opened sockets at the same time (thus gives random errors in application programs) Amaury
I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/scs.zip /-|=[fix]=|-\ None known at the moment. Free, encrypted, secure Web-based email at www.hushmail.com
Raph Ingenieur en position du lotus 12 rue de la lumiere blanche 92130 Issy les Bouddhas
Current thread:
- Advisory for Spynet Chat neme-dhc (May 08)
- Re: Advisory for Spynet Chat Amaury Jacquot (May 08)