CVE-2003-0671 Information

Description

Format string vulnerability in tcpflow when used in a setuid context allows local users to execute arbitrary code via the device name argument as demonstrated in Sustworks IPNetSentryX and IPNetMonitorX the setuid program RunTCPFlow.

Reference

http://www.atstake.com/research/advisories/2003/a080703-1.txt http://www.atstake.com/research/advisories/2003/a080703-2.txt