Vulnerability Name: CVE-2002-0080 (CCN-8463)
Assigned: 2002-03-13
Published: 2002-03-13
Updated: 2020-11-16
Summary: rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
CVSS v2 Severity: 2.1 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:N/A:N)
Vulnerability Type: CWE-269
Vulnerability Consequences: Gain Privileges
References:
- Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-014.1 Linux: REVISED: rsync supplementary groups vulnerability
- Source: CCN Type: Caldera International, Inc. Security Advisory CSSA-2002-014.0 Linux: rsync supplementary groups vulnerability
- Source: MITRE Type: CNA CVE-2002-0080
- Source: CCN Type: RHSA-2002-026 Vulnerability in zlib library
- Source: CALDERA Type: Broken Link CSSA-2002-014.1
- Source: XF Type: Broken Link linux-rsync-inherit-privileges(8463)
- Source: MANDRAKE Type: Broken Link MDKSA-2002:024
- Source: CCN Type: OSVDB ID: 2053 rsync Daemon Mode Supplementary Group Privilege
- Source: REDHAT Type: Patch, Third Party Advisory RHSA-2002:026
- Source: BID Type: Third Party Advisory, VDB Entry 4285
- Source: CCN Type: BID-4285 RSync Daemon Mode Supplementary Group Privilege Vulnerability
- Source: XF Type: UNKNOWN linux-rsync-inherit-privileges(8463)
Vulnerable Configuration: Configuration 1: Configuration 2: Configuration CCN 1: