CVE-2003-0671

2022-10-0316:15:46

mitre

www.cve.org

tcpflow

code execution

vulnerability

7.2 High

AI Score

Confidence

High

0.0004 Low

EPSS

Percentile

0.4%

JSON

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

References

www.atstake.com/research/advisories/2003/a080703-1.txt

www.atstake.com/research/advisories/2003/a080703-2.txt