Vulnerabilities > CVE-2004-0278 - Denial of Service vulnerability in Ratbag Game Engine

CVSS 5.0 - MEDIUM

Attack vector

NETWORK

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

NONE

Integrity impact

NONE

Availability impact

PARTIAL

network

low complexity

ratbag

NVD

Published: 2004-11-23

Updated: 2017-07-11

Summary

Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.

Vulnerable Configurations

Part	Description	Count
Application	Ratbag Ratbag Dirt Track Racing 1.0.3 Ratbag Dirt Track Racing 2.0 Ratbag Dirt Track Racing Australia * Ratbag Dirt Track Racing Sprint Cars * Ratbag Leadfoot * Ratbag World OF Outlaws Sprint Cars *	6

References

http://marc.info/?l=bugtraq&m=107655269820530&w=2
http://www.securityfocus.com/bid/9644
https://exchange.xforce.ibmcloud.com/vulnerabilities/15188