UFO: Alien Invasion IRC Client Buffer Overflow Vulnerability Allowing Arbitrary Code Execution

A stack-based buffer overflow vulnerability has been identified in the built-in IRC client of UFO: Alien Invasion, affecting versions through 2.2.1. The vulnerability arises when the client connects to an IRC server and receives a crafted numeric reply, specifically a 001 message. The application fails to properly validate the length of the response string, leading to a buffer overflow that can corrupt control flow and allow for arbitrary code execution. This issue is triggered automatically during IRC connection handling, requiring no user interaction beyond launching the game.

Impact

Exploitation of this vulnerability allows for remote arbitrary code execution on the affected system.

Reproduction

The vulnerability can be reproduced by connecting to a malicious IRC server that sends a crafted 001 message. This can be done by performing a man-in-the-middle attack, using DNS poisoning, or exploiting the in-game 'rcon' functionality to direct the client to the attacker's server. Once the game is launched and the connection is established, the crafted message will trigger the buffer overflow, leading to arbitrary code execution.

Remediation

Users can upgrade to UFO: Alien Invasion version 2.3.1, which addresses this vulnerability.