CVE-2009-10006
BaseFortify
Publication date: 2025-08-22
Last updated on: 2025-08-22
Assigner: VulnCheck
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| ufo_alien_invasion | ufo_alien_invasion | 2.2.1 |
| ufo_alien_invasion | ufo_alien_invasion | 2.3 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-121 | A stack-based buffer overflow condition is a condition where the buffer being overwritten is allocated on the stack (i.e., is a local variable or, rarely, a parameter to a function). |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a stack-based buffer overflow in the built-in IRC client component of UFO: Alien Invasion versions up to 2.2.1. When the IRC client connects to a server and receives a specially crafted numeric reply (specifically a 001 message), it fails to properly validate the length of the response string. This causes the application to write beyond the allocated buffer, corrupting control flow structures on the stack. As a result, an attacker can execute arbitrary code remotely without any user interaction beyond launching the game. [2, 3]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to remote arbitrary code execution or denial of service on the affected system. An attacker can take control of the vulnerable UFO: Alien Invasion IRC client by sending a malicious IRC server response, potentially allowing them to execute malicious code, disrupt the game, or compromise the system running the game. The attack requires no authentication or user interaction beyond starting the game, making it highly dangerous. [2, 3, 1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring network traffic for suspicious IRC server responses, specifically numeric reply messages starting with "001 :" that contain unusually long or malformed payloads designed to overflow the buffer. Since the exploit involves a remote TCP server sending crafted messages on the IRC port (default 6667), you can use network capture tools like tcpdump or Wireshark to filter and inspect IRC traffic for abnormal 001 messages exceeding normal length or containing suspicious patterns. For example, a tcpdump command to capture IRC traffic on port 6667 is: tcpdump -i <interface> tcp port 6667 -w irc_traffic.pcap. Then, analyze the captured traffic for 001 messages with excessive length or unusual content. Additionally, monitoring the UFO: Alien Invasion process for crashes or abnormal behavior upon connecting to IRC servers may indicate exploitation attempts. [1, 3, 4, 5]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include upgrading UFO: Alien Invasion to version 2.3 or later, where the vulnerability has been fixed. If upgrading is not immediately possible, avoid connecting the game to untrusted or public IRC servers, as the vulnerability is triggered by malicious IRC server responses. Restrict network access to IRC ports (default 6667) to trusted servers only. Additionally, monitor and block suspicious IRC traffic that could exploit this buffer overflow. Applying network-level protections such as firewall rules to limit IRC connections and using intrusion detection systems to detect exploit attempts can help reduce risk. Finally, consider disabling or restricting the in-game 'rcon' feature to prevent attackers from forcing connections to malicious IRC servers. [2, 3]