Advisory for Spynet Chat

From: neme-dhcat_private
Date: Mon May 07 2001 - 17:36:05 PDT

Next message: Linux Mandrake Security Team: "MDKSA-2001:047 - pine update"

Previous message: neme-dhcat_private: "Advisory for Vdns"
Next in thread: Amaury Jacquot: "Re: Advisory for Spynet Chat"
Reply: Amaury Jacquot: "Re: Advisory for Spynet Chat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

 [ Advisory for Spynet Chat                        ]
 [ Spynet Chat is made by Spytech                  ]
 [ Site: http://www.spytech-web.com                ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhcat_private) ]
 [ ADV-0120                                        ]

/-|=[explanation]=|-\
Spynet Chat is a chat server. It suffers from a
denial of service.

/-|=[who is vulnerable]=|-\
Spynet Chat 6.5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.

/-|=[testing it]=|-\
By opening up roughly 100 sockets in Perl and then
using the normal Spynet Client to connect the
server crashes with:
S65server has caused an error in <unknown>.
S65server will now close.

I have made a perl script that exploits this. It is
in the advisory that is available on the DHC site.
http://www.emc2k.com/dhcorp/homebrew/scs.zip

/-|=[fix]=|-\
None known at the moment.
Free, encrypted, secure Web-based email at www.hushmail.com

Next message: Linux Mandrake Security Team: "MDKSA-2001:047 - pine update"
Previous message: neme-dhcat_private: "Advisory for Vdns"
Next in thread: Amaury Jacquot: "Re: Advisory for Spynet Chat"
Reply: Amaury Jacquot: "Re: Advisory for Spynet Chat"
Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

This archive was generated by hypermail 2b30 : Tue May 08 2001 - 08:54:50 PDT