Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2004-0278


Vulnerability Score 5.0 5.0
CVE Id CVE-2004-0278
Last Modified 05 Sep 2008 04:38:00
Published 23 Nov 2004 12:00:00
Confidentiality Impact NONE NONE
Integrity Impact NONE NONE
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE



Ratbag game engine, as used in products such as Dirt Track Racing, Leadfoot, and World of Outlaws Spring Cars, allows remote attackers to cause a denial of service (CPU consumption) via a TCP packet that specifies the length of data to read and then sends a second TCP packet that contains less data than specified, which causes Ratbag to repeatedly check the socket for more data.

Vulnerable Systems


  • Ratbag Dirt Track Racing 1.0.3

  • Ratbag Dirt Track Racing 2.0

  • Ratbag Dirt Track Racing Australia

  • Ratbag Dirt Track Racing Sprint Cars

  • Ratbag Leadfoot

  • Ratbag World Of Outlaws Sprint Cars


XF - ratbag-data-length-dos(15188)

BID - 9644

BUGTRAQ - 20040211 Denial of Service in Ratbag's game engine

Last Updated: 27 May 2016 10:38:32