CVE-2002-0542

OpenBSD <3.1 - Privilege Escalation

Title source: llm

Description

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Exploits (1)

exploitdb WORKING POC VERIFIED

by Przemyslaw Frasunek · clocalopenbsd

https://www.exploit-db.com/exploits/21373

View Code ZIP pw:eip

References (6)

[Various Sources] http://www.openbsd.org/errata30.html#mail

[Mailing List] http://marc.info/?l=bugtraq&m=101855467811695&w=2

[Exploit, Patch, Vendor Advisory] http://www.securityfocus.com/bid/4495

[Patch, Vendor Advisory] http://www.iss.net/security_center/static/8818.php

[Exploit, Vendor Advisory] http://online.securityfocus.com/archive/1/267089

[Third Party Advisory, VDB Entry] http://www.osvdb.org/5269

Scores

EPSS 0.0068

EPSS Percentile 71.6%

Details

Status published

Products (2)

openbsd/openbsd 2.9

openbsd/openbsd 3.0

Published Jul 03, 2002

Tracked Since Feb 18, 2026