COMMAND

    Spynet Chat

SYSTEMS AFFECTED

    Spynet Chat 6.5

PROBLEM

    nemesystem  of the  DHC  found  following.   Spynet Chat is a chat
    server.  It suffers from a denial of service.

    Spynet  Chat  6.5  has  been  tested  and  was  vulnerable.  Prior
    versions are assumed to be vulnerable as well.

    By opening up roughly 100 sockets in Perl and then using the normal
    Spynet Client to connect the server crashes with:

        S65server has caused an error in <unknown>.
        S65server will now close.

    nemesystem has made a  perl script that exploits  this.  It is  in
    the advisory that is available on the DHC site:

        http://www.emc2k.com/dhcorp/homebrew/scs.zip

SOLUTION

    None known at the  moment.  If this  is on windows 95/98/ME,  this
    is a known limitation in windows that cannot accomodate more  than
    100 opened sockets at the  same time (thus gives random  errors in
    application programs).