mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.

Threat-Mapped Scoring

Score: 1.8

Priority: P4 - Informational (Low)

• S9 – Sabotage of System/App

EPSS

Score: 0.00357
Percentile: 0.57255

CVSS Scoring

Affected Products

• cpe:2.3:o:openbsd:openbsd:2.9:*:*:*:*:*:*:*
• cpe:2.3:o:openbsd:openbsd:3.0:*:*:*:*:*:*:*

← Back to Home