mailing list archives
Re: Advisory for Spynet Chat
From: Amaury Jacquot <sxpert () WWW ESITCOM ORG>
Date: Tue, 8 May 2001 21:01:21 +0200
Quoting neme-dhc () HUSHMAIL COM:
[ Advisory for Spynet Chat ]
[ Spynet Chat is made by Spytech ]
[ Site: http://www.spytech-web.com ]
[ by nemesystm of the DHC ]
[ (http://dhcorp.cjb.net - neme-dhc () hushmail com) ]
[ ADV-0120 ]
Spynet Chat is a chat server. It suffers from a
denial of service.
/-|=[who is vulnerable]=|-\
Spynet Chat 6.5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.
By opening up roughly 100 sockets in Perl and then
using the normal Spynet Client to connect the
server crashes with:
S65server has caused an error in <unknown>.
S65server will now close.
if this is on windows 95/98/ME, this is a known limitation in
windows that cannot accomodate more than 100 opened sockets at
the same time (thus gives random errors in application programs)
I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
None known at the moment.
Free, encrypted, secure Web-based email at www.hushmail.com
Ingenieur en position du lotus
12 rue de la lumiere blanche
92130 Issy les Bouddhas