Lucene search

MitreCVE-2003-0671

HistoryAug 27, 2003 - 4:00 a.m.

CVE-2003-0671

2003-08-2704:00:00

mitre

web.nvd.nist.gov

cve-2003-0671

tcpflow

format string vulnerability

local execution

arbitrary code

device name argument

sustworks ipnetsentryx

ipnetmonitorx

nvd

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

Percentile

0.4%

JSON

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

Affected configurations

Nvd

Node

jeremy_elsontcpflowMatch0.10

jeremy_elsontcpflowMatch0.11

jeremy_elsontcpflowMatch0.12

jeremy_elsontcpflowMatch0.20

VendorProductVersionCPE
jeremy_elsontcpflow0.10cpe:2.3:a:jeremy_elson:tcpflow:0.10:*:*:*:*:*:*:*
jeremy_elsontcpflow0.11cpe:2.3:a:jeremy_elson:tcpflow:0.11:*:*:*:*:*:*:*
jeremy_elsontcpflow0.12cpe:2.3:a:jeremy_elson:tcpflow:0.12:*:*:*:*:*:*:*
jeremy_elsontcpflow0.20cpe:2.3:a:jeremy_elson:tcpflow:0.20:*:*:*:*:*:*:*

Vendor	Product	Version	CPE
jeremy_elson	tcpflow	0.10	cpe:2.3:a:jeremy_elson:tcpflow:0.10:::::::*
jeremy_elson	tcpflow	0.11	cpe:2.3:a:jeremy_elson:tcpflow:0.11:::::::*
jeremy_elson	tcpflow	0.12	cpe:2.3:a:jeremy_elson:tcpflow:0.12:::::::*
jeremy_elson	tcpflow	0.20	cpe:2.3:a:jeremy_elson:tcpflow:0.20:::::::*

References

www.atstake.com/research/advisories/2003/a080703-1.txt

www.atstake.com/research/advisories/2003/a080703-2.txt

CVSS2

7.2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

AI Score

7.6

Confidence

High

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-0671