[ Advisory for Spynet Chat ] [ Spynet Chat is made by Spytech ] [ Site: http://www.spytech-web.com ] [ by nemesystm of the DHC ] [ (http://dhcorp.cjb.net - neme-dhcat_private) ] [ ADV-0120 ] /-|=[explanation]=|-\ Spynet Chat is a chat server. It suffers from a denial of service. /-|=[who is vulnerable]=|-\ Spynet Chat 6.5 has been tested and was vulnerable. Prior versions are assumed to be vulnerable as well. /-|=[testing it]=|-\ By opening up roughly 100 sockets in Perl and then using the normal Spynet Client to connect the server crashes with: S65server has caused an error in <unknown>. S65server will now close. I have made a perl script that exploits this. It is in the advisory that is available on the DHC site. http://www.emc2k.com/dhcorp/homebrew/scs.zip /-|=[fix]=|-\ None known at the moment. Free, encrypted, secure Web-based email at www.hushmail.com
This archive was generated by hypermail 2b30 : Tue May 08 2001 - 08:54:50 PDT