CVE-2002-0080

Severity CVSS v4.0:
Pending analysis
Type:
CWE-269 Improper Privilege Management
Publication date:
15/03/2002
Last modified:
03/04/2025

Description

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:* 2.5.3 (excluding)
cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*
cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*