Vulnerability Information
Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Vulnerability Description
mail in OpenBSD 2.9 and 3.0 processes a tilde (~) escape character in a message even when it is not in interactive mode, which could allow local users to gain root privileges via calls to mail in cron.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenBSD的mail存在执行任意命令的漏洞
Vulnerability Description
OpenBSD系统中的/usr/bin/mail是一款简单的邮件用户代理程序,也可以用于批处理模式,如运行CRON任务发送邮件给管理员。 OpenBSD系统中的/usr/bin/mail在处理转义序列(~!command)不正确,可导致攻击者以运行mail的用户权限执行任意命令。 当运行在非交互模式时程序/usr/bin/mail接收转义序列,当攻击者把转义序列插入到作为输入的流中传递给MAIL命令时,此转义序列就会被mail命令解析,导致可以以运行mail命令的用户权限执行任意命令或者读/写任意文件到系
CVSS Information
N/A
Vulnerability Type
N/A