Vulnerability Details CVE-2002-0542
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.004
EPSS Ranking 57.3%
CVSS Severity
CVSS v2 Score 7.2
References
- http://marc.info/?l=bugtraq&m=101855467811695&w=2
- http://online.securityfocus.com/archive/1/267089
- http://www.iss.net/security_center/static/8818.php
- http://www.openbsd.org/errata30.html#mail
- http://www.osvdb.org/5269
- http://www.securityfocus.com/bid/4495
- http://marc.info/?l=bugtraq&m=101855467811695&w=2
- http://online.securityfocus.com/archive/1/267089
- http://www.iss.net/security_center/static/8818.php
- http://www.openbsd.org/errata30.html#mail
- http://www.osvdb.org/5269
- http://www.securityfocus.com/bid/4495