Vulnerabilities > CVE-2003-0671 - Unspecified vulnerability in Jeremy Elson Tcpflow
Attack vector
LOCAL Attack complexity
LOW Privileges required
NONE Confidentiality impact
COMPLETE Integrity impact
COMPLETE Availability impact
COMPLETE Summary
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | 4 |