CVE-2001-0952

Vulnerability

CVE-2001-0952 affects THQ Volition's Red Faction game, both client and server, including dedicated servers. The vulnerability resides in the handling of UDP packets received on port 7755 (the default game port). Sending any UDP probe to this port, as with an nmap scan, causes the game or server to crash and exit to the desktop [1]. The issue is present when the game is running any version prior to the fix (no patched version is known to have been released).

Exploitation

An attacker only needs network access to the target and the ability to send a UDP packet to the game's UDP port (default 7755). No authentication, user interaction, or special privileges are required. The attack consists of sending a simple UDP probe—for example, using nmap -sU -p 7755 <target_ip>—which the game cannot handle and crashes upon reception [1]. The same technique works if the server is running on a non-default port.

Impact

Successful exploitation causes a denial of service (DoS). The affected client or server crashes and terminates immediately, returning the user to the desktop. No data is corrupted, and no code execution or information disclosure is known to occur. The impact is purely availability, as the game session is disrupted and the user must restart the application [1].

Mitigation

No official patch or fix was released by THQ Volition. The vulnerability remains unfixed in all known versions of the game. A workaround is to use a firewall to block inbound UDP packets on port 7755 (or the game's port) from untrusted sources, thereby preventing the attack packet from reaching the game process [1]. The CVE is not listed in the CISA Known Exploited Vulnerabilities (KEV) catalog.