J-Security Center

Title: SpyNet Chat Server Multiple Connection Denial Of Service Vulnerability

Severity: HIGH

Description:

Spynet Chat Server is a freely available client-server chat package by Spytech Software. Spynet Chat offers IRC-style chat to users of the software package.

Spynet Chat is distributed as one downloadable package containing both the Spynet Chat client and the Spynet Chat server. Under normal use, the Spynet Chat server acts as a relay for messages, requiring only the IP address of the host running the server for message exchange.

A problem in the chat server has been discovered which can result in a denial of service to legitimate users. Once this vulnerability has been exploited, the Spynet Chat server requires either a manual restart or a watchdog process restart to resume normal operation.

When a host initiates 100 or more connections to port 6387 of a system running the server software and then sends a Spynet Chat message to the server, the Spynet Chat server ceases operation, exiting abnormally and denying service to legitimate users of the server.
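
Added example (not part of the original advisory or the vendor's code): detection logic that flags any source address holding 100 or more simultaneous connections to port 6387, the precondition described above. The log format, the function names and the sample addresses are constructed assumptions, as is reading the advisory's 100 connections as simultaneously open.

```python
import re
from collections import defaultdict

CHAT_PORT = 6387   # Spynet Chat server port named in the advisory
THRESHOLD = 100    # connection count named in the advisory

# Assumed (constructed) log format: "<epoch> OPEN|CLOSE <src_ip>:<src_port> <dst_ip>:<dst_port>"
LINE_RE = re.compile(
    r"^(?P<ts>\d+) (?P<event>OPEN|CLOSE) "
    r"(?P<src>[\d.]+):(?P<sport>\d+) (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def flag_sources(lines, port=CHAT_PORT, threshold=THRESHOLD):
    """Return {src_ip: (peak_open, ts_when_threshold_reached)} for sources that
    held `threshold` or more simultaneous connections to `port`."""
    open_conns = defaultdict(set)   # src_ip -> source ports currently open
    peak = defaultdict(int)         # src_ip -> highest simultaneous count seen
    crossed_at = {}                 # src_ip -> timestamp of first threshold hit
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or int(m["dport"]) != port:
            continue                # skip malformed lines and other services
        src, sport = m["src"], int(m["sport"])
        if m["event"] == "OPEN":
            open_conns[src].add(sport)
        else:
            open_conns[src].discard(sport)   # tolerate CLOSE without a seen OPEN
        count = len(open_conns[src])
        peak[src] = max(peak[src], count)
        if count >= threshold and src not in crossed_at:
            crossed_at[src] = int(m["ts"])
    return {src: (peak[src], ts) for src, ts in crossed_at.items()}

def sample_log():
    """Constructed sample: a normal client, another service, noise, one flooding host."""
    lines = [
        "990 OPEN 192.0.2.20:50000 198.51.100.5:6387",
        "991 CLOSE 192.0.2.20:50000 198.51.100.5:6387",
        "992 OPEN 192.0.2.30:50001 198.51.100.5:80",
        "garbage line",
    ]
    lines += [f"{1000 + i} OPEN 192.0.2.10:{40000 + i} 198.51.100.5:6387" for i in range(120)]
    return lines

if __name__ == "__main__":
    for src, (peak_open, ts) in flag_sources(sample_log()).items():
        print(f"ALERT {src}: {peak_open} open connections to port {CHAT_PORT}, threshold reached at {ts}")
```

Because connections are counted per source address, the same check can drive a per-source connection limit in front of the server as well as an alert.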

Affected Products:

  • Spytech Spynet Chat 6.5.0
