CVE-2002-0542

CVSS 7.2 - HIGH

Description

mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Affected Products

Vendor	Product	Version
openbsd	openbsd	`2.9`
openbsd	openbsd	`3.0`

References

http://marc.info/?l=bugtraq&m=101855467811695&w=2

http://online.securityfocus.com/archive/1/267089

http://www.iss.net/security_center/static/8818.php

http://www.openbsd.org/errata30.html#mail

http://www.osvdb.org/5269

http://www.securityfocus.com/bid/4495

http://marc.info/?l=bugtraq&m=101855467811695&w=2

http://online.securityfocus.com/archive/1/267089

http://www.iss.net/security_center/static/8818.php

http://www.openbsd.org/errata30.html#mail

http://www.osvdb.org/5269

http://www.securityfocus.com/bid/4495

Weakness Types

NVD-CWE-Other

CVE Information

CVE ID:: CVE-2002-0542
Published:: 2002-07-03
Modified:: 2026-04-16
CVSS Score:: 7.2
Severity:: HIGH
Vector:: AV:L/AC:L/Au:N/C:C/I:C/A:C

Affected Vendors

openbsd

Quick Actions

View on NVD Find Similar CVEs

CVSS Severity Scale

0.0 - 3.9 LOW

4.0 - 6.9 MEDIUM

7.0 - 8.9 HIGH

9.0 - 10.0 CRITICAL