AI Score
Confidence
High
EPSS
Percentile
0.4%
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
www.atstake.com/research/advisories/2003/a080703-1.txt
www.atstake.com/research/advisories/2003/a080703-2.txt