CVE-2003-0671

Name of the Vulnerable Software and Affected Versions: tcpflow (affected versions not specified)

Description: The issue is related to a format string vulnerability in tcpflow. This vulnerability can be exploited by local users to execute arbitrary code when tcpflow is used in a setuid context. The exploitation is possible via the device name argument. This has been demonstrated in the context of Sustworks IPNetSentryX and IPNetMonitorX, specifically through the setuid program RunTCPFlow.

Recommendations: At the moment, there is no information about a newer version that contains a fix for this vulnerability.