EUVD-2003-0664

Malware in sbrugna...

CVE-2003-0670

Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications 1 RunTCPDump, which calls tcpdump, and 2 RunTCPFlow, which calls tcpflow...

CVE-2003-0671

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow...

CVE-2003-0670

Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications 1 RunTCPDump, which calls tcpdump, and 2 RunTCPFlow, which calls tcpflow...

CVE-2003-0670

Sustworks IPNetSentryX and IPNetMonitorX allow local users to sniff network packets via the setuid helper applications 1 RunTCPDump, which calls tcpdump, and 2 RunTCPFlow, which calls tcpflow...

CVE-2003-0671

CVE-2003-0671 affects tcpflow and is described as a format string vulnerability that, when tcpflow runs in a setuid context (notably the RunTCPFlow program used by Sustworks IPNetSentryX and IPNetMonitorX), allows local users to execute arbitrary code via the device name argument. The available d...

CVE-2003-0670

Sustworks IPNetSentryX and IPNetMonitorX are affected. The setuid helper applications RunTCPDump (invokes tcpdump) and RunTCPFlow (invokes tcpflow) allow local users to sniff network packets, exposing partial confidentiality. Root cause is the presence of setuid wrappers enabling packet capture. ...

Sustworks Unauthorized Network Monitoring and tcpflow format string attack

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 @stake, Inc. www.atstake.com Security Advisory Advisory Name: Sustworks Unauthorized Network Monitoring and tcpflow format string attack Release Date: 08/07/2003 Application: IPNetMonitorX and IPNetSentryX Platform: Mac OS X Severity: Local users can...