CVE-2002-0080
Published Mar 15, 2002
Last updated 4 years ago
Overview
- Description
- rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
- Source
- cve@mitre.org
- NVD status
- Analyzed
Social media
- Hype score
- Not currently trending
Risk scores
CVSS 2.0
- Type
- Primary
- Base score
- 2.1
- Impact score
- 2.9
- Exploitability score
- 3.9
- Vector string
- AV:L/AC:L/Au:N/C:P/I:N/A:N
Weaknesses
- nvd@nist.gov
- CWE-269
Configurations
[
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "2388AF97-7C59-4CF8-9B4F-EA3EE07EC68B",
"versionEndExcluding": "2.5.3"
}
],
"operator": "OR"
}
]
},
{
"nodes": [
{
"negate": false,
"cpeMatch": [
{
"criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36"
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14"
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F"
},
{
"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*",
"vulnerable": true,
"matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E"
}
],
"operator": "OR"
}
]
}
]