Vulnerability Details CVE-2002-0080
rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.008
EPSS Ranking 73.1%
CVSS Severity
CVSS v2 Score 2.1
References
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.iss.net/security_center/static/8463.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.securityfocus.com/bid/4285
- http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
- http://www.iss.net/security_center/static/8463.php
- http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
- http://www.redhat.com/support/errata/RHSA-2002-026.html
- http://www.securityfocus.com/bid/4285
Products affected by CVE-2002-0080
-
cpe:2.3:a:samba:rsync:1.6.4
-
cpe:2.3:a:samba:rsync:1.6.5
-
cpe:2.3:a:samba:rsync:1.6.6
-
cpe:2.3:a:samba:rsync:1.6.7
-
cpe:2.3:a:samba:rsync:1.6.8
-
cpe:2.3:a:samba:rsync:1.6.9
-
cpe:2.3:a:samba:rsync:1.7.0
-
cpe:2.3:a:samba:rsync:1.7.1
-
cpe:2.3:a:samba:rsync:1.7.2
-
cpe:2.3:a:samba:rsync:1.7.3
-
cpe:2.3:a:samba:rsync:1.7.4
-
cpe:2.3:a:samba:rsync:2.0.0
-
cpe:2.3:a:samba:rsync:2.0.1
-
cpe:2.3:a:samba:rsync:2.0.10
-
cpe:2.3:a:samba:rsync:2.0.11
-
cpe:2.3:a:samba:rsync:2.0.12
-
cpe:2.3:a:samba:rsync:2.0.13
-
cpe:2.3:a:samba:rsync:2.0.14
-
cpe:2.3:a:samba:rsync:2.0.15
-
cpe:2.3:a:samba:rsync:2.0.16
-
cpe:2.3:a:samba:rsync:2.0.17
-
cpe:2.3:a:samba:rsync:2.0.18
-
cpe:2.3:a:samba:rsync:2.0.19
-
cpe:2.3:a:samba:rsync:2.0.2
-
cpe:2.3:a:samba:rsync:2.0.3
-
cpe:2.3:a:samba:rsync:2.0.4
-
cpe:2.3:a:samba:rsync:2.0.5
-
cpe:2.3:a:samba:rsync:2.0.6
-
cpe:2.3:a:samba:rsync:2.0.7
-
cpe:2.3:a:samba:rsync:2.0.8
-
cpe:2.3:a:samba:rsync:2.0.9
-
cpe:2.3:a:samba:rsync:2.1.0
-
cpe:2.3:a:samba:rsync:2.1.1
-
cpe:2.3:a:samba:rsync:2.2.0
-
cpe:2.3:a:samba:rsync:2.2.1
-
cpe:2.3:a:samba:rsync:2.3.0
-
cpe:2.3:a:samba:rsync:2.3.1
-
cpe:2.3:a:samba:rsync:2.3.2
-
cpe:2.3:a:samba:rsync:2.3.3
-
cpe:2.3:a:samba:rsync:2.4.0
-
cpe:2.3:a:samba:rsync:2.4.1
-
cpe:2.3:a:samba:rsync:2.4.2
-
cpe:2.3:a:samba:rsync:2.4.3
-
cpe:2.3:a:samba:rsync:2.4.4
-
cpe:2.3:a:samba:rsync:2.4.5
-
cpe:2.3:a:samba:rsync:2.4.6
-
cpe:2.3:a:samba:rsync:2.4.7
-
cpe:2.3:a:samba:rsync:2.4.8
-
cpe:2.3:a:samba:rsync:2.5.0
-
cpe:2.3:a:samba:rsync:2.5.1
-
cpe:2.3:a:samba:rsync:2.5.2
-
cpe:2.3:o:redhat:linux:6.2
-
cpe:2.3:o:redhat:linux:7.0
-
cpe:2.3:o:redhat:linux:7.1
-
cpe:2.3:o:redhat:linux:7.2