Format String Vulnerability in tcpflow Allows Arbitrary Code Execution
CVE-2003-0671 · HIGH Severity
AV:L/AC:L/AU:N/C:C/I:C/A:C
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
Learn more about our User Device Pen Test.