mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
References
Link | Resource |
---|---|
http://marc.info/?l=bugtraq&m=101855467811695&w=2 | |
http://online.securityfocus.com/archive/1/267089 | Exploit Vendor Advisory |
http://www.iss.net/security_center/static/8818.php | Patch Vendor Advisory |
http://www.openbsd.org/errata30.html#mail | |
http://www.osvdb.org/5269 | |
http://www.securityfocus.com/bid/4495 | Exploit Patch Vendor Advisory |
http://marc.info/?l=bugtraq&m=101855467811695&w=2 | |
http://online.securityfocus.com/archive/1/267089 | Exploit Vendor Advisory |
http://www.iss.net/security_center/static/8818.php | Patch Vendor Advisory |
http://www.openbsd.org/errata30.html#mail | |
http://www.osvdb.org/5269 | |
http://www.securityfocus.com/bid/4495 | Exploit Patch Vendor Advisory |
Configurations
Configuration 1 (hide)
|
History
20 Nov 2024, 23:39
Type | Values Removed | Values Added |
---|---|---|
References | () http://marc.info/?l=bugtraq&m=101855467811695&w=2 - | |
References | () http://online.securityfocus.com/archive/1/267089 - Exploit, Vendor Advisory | |
References | () http://www.iss.net/security_center/static/8818.php - Patch, Vendor Advisory | |
References | () http://www.openbsd.org/errata30.html#mail - | |
References | () http://www.osvdb.org/5269 - | |
References | () http://www.securityfocus.com/bid/4495 - Exploit, Patch, Vendor Advisory |
Information
Published : 2002-07-03 04:00
Updated : 2024-11-20 23:39
NVD link : CVE-2002-0542
Mitre link : CVE-2002-0542
CVE.ORG link : CVE-2002-0542
JSON object : View
Products Affected
openbsd
- openbsd
CWE