CVE-2003-0671

2003-08-1404:00:00

mitre

www.cve.org

tcpflow

code execution

vulnerability

AI Score

7.2

Confidence

High

EPSS

Percentile

0.4%

JSON

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

References

www.atstake.com/research/advisories/2003/a080703-1.txt

www.atstake.com/research/advisories/2003/a080703-2.txt