Re: Advisory for Spynet Chat

[Amaury Jacquot <sxpert () WWW ESITCOM ORG>]

Quoting neme-dhc () HUSHMAIL COM:

>  [ Advisory for Spynet Chat                        ]
>  [ Spynet Chat is made by Spytech                  ]
>  [ Site: http://www.spytech-web.com                ]
>  [ by nemesystm of the DHC                         ]
>  [ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
>  [ ADV-0120                                        ]
>
> /-|=[explanation]=|-\
> Spynet Chat is a chat server. It suffers from a
> denial of service.
>
> /-|=[who is vulnerable]=|-\
> Spynet Chat 6.5
> has been tested and was vulnerable. Prior versions
> are assumed to be vulnerable as well.
>
> /-|=[testing it]=|-\
> By opening up roughly 100 sockets in Perl and then
> using the normal Spynet Client to connect the
> server crashes with:
> S65server has caused an error in <unknown>.
> S65server will now close.

if this is on windows 95/98/ME, this is a known limitation in
windows that cannot accomodate more than 100 opened sockets at
the same time (thus gives random errors in application programs)

Amaury

> I have made a perl script that exploits this. It is
> in the advisory that is available on the DHC site.
> http://www.emc2k.com/dhcorp/homebrew/scs.zip
>
> /-|=[fix]=|-\
> None known at the moment.
> Free, encrypted, secure Web-based email at www.hushmail.com



Raph
Ingenieur en position du lotus
12 rue de la lumiere blanche
92130 Issy les Bouddhas