Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-0080

Overview

Vulnerability Score 2.1 2.1
CVE Id CVE-2002-0080
Last Modified 05 Sep 2008 04:27:07
Published 15 Mar 2002 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact NONE NONE
Availability Impact NONE NONE
Access Vector LOCAL
Access Complexity LOW
Authentication NONE

CVE-2002-0080

Summary

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Vulnerable Systems

Operating System

  • Redhat Linux 6.2

  • Redhat Linux 7.0

  • Redhat Linux 7.1

  • Redhat Linux 7.2

Application

  • Andrew Tridgell Rsync


References

REDHAT - RHSA-2002:026

BID - 4285

MANDRAKE - MDKSA-2002:024

XF - linux-rsync-inherit-privileges(8463)

CALDERA - CSSA-2002-014.1


Last Updated: 27 May 2016 10:36:46