MidnightBSD

Advisories for jeremy_elson

CVE-2003-0671 HIGH

Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

CVSS 2.0

Severity: HIGH

Problem Type: NVD-CWE-Other,

Products Affected

Vendor Product Version
jeremy_elson tcpflow 0.20
jeremy_elson tcpflow 0.10
jeremy_elson tcpflow 0.12
jeremy_elson tcpflow 0.11