← back
CVE-2003-0671

CVE-2003-0671

EPSS 0.5%
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
Affected products
n/a · n/a

Want to know if your infrastructure is exposed to this?

Talk to TrueHacking →
References
http://www.atstake.com/research/advisories/2003/a080703-1.txthttp://www.atstake.com/research/advisories/2003/a080703-2.txt