Quoting neme-dhcat_private: > [ Advisory for Spynet Chat ] > [ Spynet Chat is made by Spytech ] > [ Site: http://www.spytech-web.com ] > [ by nemesystm of the DHC ] > [ (http://dhcorp.cjb.net - neme-dhcat_private) ] > [ ADV-0120 ] > > /-|=[explanation]=|-\ > Spynet Chat is a chat server. It suffers from a > denial of service. > > /-|=[who is vulnerable]=|-\ > Spynet Chat 6.5 > has been tested and was vulnerable. Prior versions > are assumed to be vulnerable as well. > > /-|=[testing it]=|-\ > By opening up roughly 100 sockets in Perl and then > using the normal Spynet Client to connect the > server crashes with: > S65server has caused an error in <unknown>. > S65server will now close. if this is on windows 95/98/ME, this is a known limitation in windows that cannot accomodate more than 100 opened sockets at the same time (thus gives random errors in application programs) Amaury > I have made a perl script that exploits this. It is > in the advisory that is available on the DHC site. > http://www.emc2k.com/dhcorp/homebrew/scs.zip > > /-|=[fix]=|-\ > None known at the moment. > Free, encrypted, secure Web-based email at www.hushmail.com Raph Ingenieur en position du lotus 12 rue de la lumiere blanche 92130 Issy les Bouddhas
This archive was generated by hypermail 2b30 : Tue May 08 2001 - 13:36:24 PDT