Format String Vulnerability in tcpflow Allows Arbitrary Code Execution

Format String Vulnerability in tcpflow Allows Arbitrary Code Execution

CVE-2003-0671 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

Learn more about our User Device Pen Test.