psyBNC 2.3 DoS / bug

:: Description

psyBNC (http://www.psychoid.lam3rz.de/psybnc.html) has a problem dealing with oversized passwords, making it possible to tie up all the connection slots and consume a lot of CPU on the server.

:: Exploit

Create a program to do the following:

1. connect to the psyBNC daemon
2. send "irc registration" information, e.g.:
     user a b c d [LF/0x10]
     nick abcd [LF/0x10]
3. send an oversized password (about 9000++ bytes):
     PASS [LF/0x10]
4. kill the connection

This will make psyBNC slowly consume more and more CPU, and the connection will not be closed, but kept in state "CLOSE_WAIT". In other words, by doing the procedure described above many times (depending on the psyBNC configuration, 3 is default) you can lock up all the connection slots and make the psyBNC daemon inaccessible for other clients.

Concerning the CPU usage, when testing this on my own box the usage went from 0.1% to about 90.0% and the load average went from 0.0 to about 0.72.

:: Closing words

Somebody might have discovered this before, but not that I'm aware of. Did some searching without any luck. The creator of psyBNC has been contacted.

- nawok
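
A detection check for the symptom described above, added here as an example and not part of the original advisory: it counts sockets on the bouncer's port that are stuck in CLOSE_WAIT and compares the count with the slot limit. The listening port (31337), the function names and the sample table are assumptions constructed for illustration; the table follows the Linux /proc/net/tcp layout with trailing columns shortened.

```python
import socket
import struct

CLOSE_WAIT = 0x08   # Linux TCP state code as printed in /proc/net/tcp
SLOT_LIMIT = 3      # default slot count quoted in the advisory
BNC_PORT = 31337    # assumption: the port your psyBNC listens on

# Constructed sample in /proc/net/tcp layout, trailing columns shortened.
SAMPLE = """\
  sl  local_address rem_address   st tx_queue rx_queue
   0: 00000000:7A69 00000000:0000 0A 00000000:00000000
   1: 0500000A:7A69 0A0200C0:C001 08 00000000:00000000
   2: 0500000A:7A69 0A0200C0:C002 08 00000000:00000000
   3: 0500000A:7A69 0A0200C0:C003 08 00000000:00000000
   4: 0500000A:0016 076433C6:D431 01 00000000:00000000
   5: 0500000A:0050 076433C6:D500 08 00000000:00000000
"""


def _endpoint(field):
    """Decode 'HEXIP:HEXPORT' (IPv4, little-endian host) to (ip, port)."""
    ip_hex, port_hex = field.split(":")
    ip = socket.inet_ntoa(struct.pack("<I", int(ip_hex, 16)))
    return ip, int(port_hex, 16)


def close_wait_peers(table, port):
    """Return remote endpoints whose socket on `port` sits in CLOSE_WAIT."""
    peers = []
    for line in table.splitlines()[1:]:          # skip the header row
        cols = line.split()
        if len(cols) < 4:
            continue
        (_, lport), remote = _endpoint(cols[1]), _endpoint(cols[2])
        if lport == port and int(cols[3], 16) == CLOSE_WAIT:
            peers.append(remote)
    return peers


def slots_exhausted(table, port=BNC_PORT, limit=SLOT_LIMIT):
    """True when stuck CLOSE_WAIT sockets alone fill every slot."""
    return len(close_wait_peers(table, port)) >= limit


if __name__ == "__main__":
    # On a live Linux host, pass open("/proc/net/tcp").read() instead.
    print(close_wait_peers(SAMPLE, BNC_PORT), slots_exhausted(SAMPLE))
```

CLOSE_WAIT entries that persist across repeated runs mean the daemon has not closed its side of connections the peer already dropped, which is the state the advisory reports.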