Vulnerability Description
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVSS Score
LOW
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Samba | Rsync | < 2.5.3 |
| Redhat | Linux | 6.2 |
Related Weaknesses (CWE)
References
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt (Broken Link)
- http://www.iss.net/security_center/static/8463.php (Broken Link)
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 (Broken Link)
- http://www.redhat.com/support/errata/RHSA-2002-026.html (Patch, Third Party Advisory)
- http://www.securityfocus.com/bid/4285 (Third Party Advisory, VDB Entry)
FAQ
What is CVE-2002-0080?
CVE-2002-0080 is a vulnerability with a CVSS score of 2.1 (LOW). rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files tha...
How severe is CVE-2002-0080?
CVE-2002-0080 has been rated LOW with a CVSS base score of 2.1/10. Review the CVSS metrics above for a detailed severity breakdown.
Is there a patch for CVE-2002-0080?
Check the references section above for vendor advisories and patch information. Affected products include: Samba Rsync, Redhat Linux.