CVE-2002-0080

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

CVSS v2.0 2.1 LOW

2.1^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:L/Au:N/C:P/I:N/A:N

Exploitability : 3.9 / Impact : 2.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
http://www.redhat.com/support/errata/RHSA-2002-026.html	Patch Third Party Advisory
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3	Broken Link
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt	Broken Link
http://www.iss.net/security_center/static/8463.php	Broken Link
http://www.securityfocus.com/bid/4285	Third Party Advisory VDB Entry

Advertisement

Configurations

Configuration 1 (hide)

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:o:redhat:linux:6.2:::::::*
	cpe:2.3:o:redhat:linux:7.0:::::::*
	cpe:2.3:o:redhat:linux:7.1:::::::*
	cpe:2.3:o:redhat:linux:7.2:::::::*

Information

Published : 2002-03-14 21:00

Updated : 2020-11-16 12:48

NVD link : CVE-2002-0080

Mitre link : CVE-2002-0080

JSON object : View

CWE

CWE-269

Improper Privilege Management

Advertisement

Products Affected

samba

rsync

redhat

linux

{"cve": {"data_type": "CVE", "references": {"reference_data": [{"url": "http://www.redhat.com/support/errata/RHSA-2002-026.html", "name": "RHSA-2002:026", "tags": ["Patch", "Third Party Advisory"], "refsource": "REDHAT"}, {"url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3", "name": "MDKSA-2002:024", "tags": ["Broken Link"], "refsource": "MANDRAKE"}, {"url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt", "name": "CSSA-2002-014.1", "tags": ["Broken Link"], "refsource": "CALDERA"}, {"url": "http://www.iss.net/security_center/static/8463.php", "name": "linux-rsync-inherit-privileges(8463)", "tags": ["Broken Link"], "refsource": "XF"}, {"url": "http://www.securityfocus.com/bid/4285", "name": "4285", "tags": ["Third Party Advisory", "VDB Entry"], "refsource": "BID"}]}, "data_format": "MITRE", "description": {"description_data": [{"lang": "en", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "en", "value": "CWE-269"}]}]}, "data_version": "4.0", "CVE_data_meta": {"ID": "CVE-2002-0080", "ASSIGNER": "cve@mitre.org"}}, "impact": {"baseMetricV2": {"cvssV2": {"version": "2.0", "baseScore": 2.1, "accessVector": "LOCAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "LOW", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "severity": "LOW", "impactScore": 2.9, "obtainAllPrivilege": false, "exploitabilityScore": 3.9, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": false}}, "publishedDate": "2002-03-15T05:00Z", "configurations": {"nodes": [{"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true, "versionEndExcluding": "2.5.3"}]}, {"children": [], "operator": "OR", "cpe_match": [{"cpe23Uri": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}, {"cpe23Uri": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "cpe_name": [], "vulnerable": true}]}], "CVE_data_version": "4.0"}, "lastModifiedDate": "2020-11-16T20:48Z"}