Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5 and others)

2005-03-31T00:00:00
ID SECURITYVULNS:DOC:8176
Type securityvulns
Reporter Securityvulns
Modified 2005-03-31T00:00:00

Description

                         Luigi Auriemma

Application: Tincat network library http://www.tincat.de Versions: Release 2 < 2.0.28 Release 1 should be not vulnerable Games: - Sacred <= 1.8.2.6 - The Settlers: Heritage of Kings <= 1.02 - other applications, a partial list in german is available at the following link but I cannot confirm if they are vulnerable: http://www.tincat.de/index.php?topic=5 Platforms: Windows, Linux and Sun Solaris Bug: buffer-overflow Exploitation: remote, versus server Date: 28 Mar 2005 Author: Luigi Auriemma e-mail: aluigi@autistici.org web: http://aluigi.altervista.org

1) Introduction 2) Bug 3) The Code 4) Fix

=============== 1) Introduction ===============

Tincat is a network library for games and has been developed by the german guys of Instance Four (http://www.instancefour.com). It is used in some games like the recents and well known Sacred (http://www.sacred-game.com) and The Settlers: Heritage of Kings (http://www.thesettlers.com).

====== 2) Bug ======

The library is affected by a buffer-overflow in the function that logs the players entered in the server letting an attacker to execute malicious code on the victim system.

=========== 3) The Code ===========

http://aluigi.altervista.org/poc/tincat2bof.zip

====== 4) Fix ======

The library has been patched from build 28 (2.0.28).

Actually "The Settlers: Heritage of Kings" 1.03 is the only game that uses the new patched library.


Luigi Auriemma http://aluigi.altervista.org