Jeremy Elson : Security Vulnerabilities, CVEs,
Format string vulnerability in tcpflow, when used in a setuid context, allows local users to execute arbitrary code via the device name argument, as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.
Max CVSS
7.2
EPSS Score
0.04%
Published
2003-08-27
Updated
2008-09-10
1 vulnerabilities found