Privilege Escalation via Tilde (~) Escape Character in OpenBSD Mail

Privilege Escalation via Tilde (~) Escape Character in OpenBSD Mail

CVE-2002-0542 · HIGH Severity

AV:L/AC:L/AU:N/C:C/I:C/A:C

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Learn more about our User Device Pen Test.