Lucene search

[email protected]CVE-2003-0671

HistoryOct 03, 2022 - 4:15 p.m.

CVE-2003-0671

2022-10-0316:15:46

[email protected]

web.nvd.nist.gov

cve-2003-0671

tcpflow

format string vulnerability

local execution

arbitrary code

device name argument

sustworks ipnetsentryx

ipnetmonitorx

nvd

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

Affected configurations

NVD

Node

jeremy_elsontcpflowMatch0.10

jeremy_elsontcpflowMatch0.11

jeremy_elsontcpflowMatch0.12

jeremy_elsontcpflowMatch0.20

CPENameOperatorVersion
jeremy_elson:tcpflowjeremy elson tcpfloweq0.10
jeremy_elson:tcpflowjeremy elson tcpfloweq0.11
jeremy_elson:tcpflowjeremy elson tcpfloweq0.12
jeremy_elson:tcpflowjeremy elson tcpfloweq0.20

CPE	Name	Operator	Version
jeremy_elson:tcpflow	jeremy elson tcpflow	eq	0.10
jeremy_elson:tcpflow	jeremy elson tcpflow	eq	0.11
jeremy_elson:tcpflow	jeremy elson tcpflow	eq	0.12
jeremy_elson:tcpflow	jeremy elson tcpflow	eq	0.20

References

www.atstake.com/research/advisories/2003/a080703-1.txt

www.atstake.com/research/advisories/2003/a080703-2.txt

7.2 High

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

COMPLETE

Integrity Impact

COMPLETE

Availability Impact

COMPLETE

AV:L/AC:L/Au:N/C:C/I:C/A:C

7.6 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Related for CVE-2003-0671

cvelist1 nvd1