CVE-2002-0080
Severity CVSS v4.0:
Pending analysis
Type:
CWE-269
Improper Privilege Management
Publication date:
15/03/2002
Last modified:
03/04/2025
Description
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
Impact
Base Score 2.0
2.10
Severity 2.0
LOW
Vulnerable products and versions
CPE | From | Up to |
---|---|---|
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* | 2.5.3 (excluding) | |
cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:* | ||
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:* | ||
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:* | ||
cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.iss.net/security_center/static/8463.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.securityfocus.com/bid/4285
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.iss.net/security_center/static/8463.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.securityfocus.com/bid/4285