Tincat Network Library Remote Buffer Overflow Vulnerability

Bugtraq ID:	12912
Class:	Boundary Condition Error
CVE:
Remote:	Yes
Local:	No
Published:	Mar 28 2005 12:00AM
Updated:	Mar 28 2005 12:00AM
Credit:	Discovery is credited to Luigi Auriemma <[email protected]>.
Vulnerable:	UBI Soft The Settlers: Heritage of Kings 1.0 2 Sacred Sacred 1.8.2 .6 Sacred Sacred Instance Four Tincat Release 2
Not Vulnerable:	UBI Soft The Settlers: Heritage of Kings 1.0 3 Instance Four Tincat Release 2 2.0.48

Tincat Network Library Remote Buffer Overflow Vulnerability

Tincat is reported prone to a remote buffer overflow vulnerability.

It is reported that this issue exists in the function responsible for logging users that have connected to a game server.

A successful attack can allow an attacker to gain unauthorized access to a vulnerable computer in the context of a game server.

Tincat Network Library Remote Buffer Overflow Vulnerability

The following proof of concept is available:

• /data/vulnerabilities/exploits/tincat2bof.zip

Tincat Network Library Remote Buffer Overflow Vulnerability

Solution:
Tincat Release 2 version 2.0.28 is not affected by this issue. Please contact the vendor to obtain the fixed version.

The Settlers: Heritage of Kings version 1.03 is not affected by this issue as well. Please contact the vendor to obtain the fixed version.

Tincat Network Library Remote Buffer Overflow Vulnerability

References:

• Home Page (Instance Four)
  
• Sacred Home Page (Sacred)
  
• The Settlers: Heritage of Kings (UBI Soft)
  
• Buffer-overflow in Tincat 2 minor than 2.0.28 (Sacred, Settlers 5and others) (Luigi Auriemma )