Vulnerabilities > CVE-2003-0671 - Unspecified vulnerability in Jeremy Elson Tcpflow

CVSS 7.2 - HIGH

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

COMPLETE

Integrity impact

COMPLETE

Availability impact

COMPLETE

local

low complexity

jeremy-elson

NVD

Published: 2003-08-27

Updated: 2008-09-10

Summary

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

Vulnerable Configurations

Part	Description	Count
Application	Jeremy_Elson Jeremy Elson Tcpflow 0.10 Jeremy Elson Tcpflow 0.11 Jeremy Elson Tcpflow 0.12 Jeremy Elson Tcpflow 0.20	4

References

http://www.atstake.com/research/advisories/2003/a080703-1.txt
http://www.atstake.com/research/advisories/2003/a080703-2.txt