OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
From: neme-dhcHUSHMAIL.COM
Date: Mon May 07 2001 - 19:36:05 CDT

  • Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]

     [ Advisory for Spynet Chat ]
     [ Spynet Chat is made by Spytech ]
     [ Site: http://www.spytech-web.com ]
     [ by nemesystm of the DHC ]
     [ (http://dhcorp.cjb.net - neme-dhchushmail.com) ]
     [ ADV-0120 ]

    /-|=[explanation]=|-\
    Spynet Chat is a chat server. It suffers from a
    denial of service.

    /-|=[who is vulnerable]=|-\
    Spynet Chat 6.5
    has been tested and was vulnerable. Prior versions
    are assumed to be vulnerable as well.

    /-|=[testing it]=|-\
    By opening up roughly 100 sockets in Perl and then
    using the normal Spynet Client to connect the
    server crashes with:
    S65server has caused an error in <unknown>.
    S65server will now close.

    I have made a perl script that exploits this. It is
    in the advisory that is available on the DHC site.
    http://www.emc2k.com/dhcorp/homebrew/scs.zip

    /-|=[fix]=|-\
    None known at the moment.
    Free, encrypted, secure Web-based email at www.hushmail.com