CVE-2002-0080

rsync < 2.5.3 - Improper Privilege Management in Daemon Mode


Description

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
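The ordering problem described above, shown as an added example in C (this is not rsync's source code). The function names and the gid/uid 65534 for an unprivileged account are assumptions made for illustration; the flawed variant leaves the supplementary group list inherited from root in place, the hardened one clears it first and verifies the result.

```c
#define _DEFAULT_SOURCE  /* exposes setgroups() on glibc */
#include <grp.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Return 1 if any group other than keep_gid is still in the list. */
int has_leftover_groups(const gid_t *groups, int n, gid_t keep_gid)
{
    for (int i = 0; i < n; i++)
        if (groups[i] != keep_gid)
            return 1;
    return 0;
}

/* Flawed order: gid and uid change, but the supplementary group list
 * inherited from the root parent is never replaced. */
int drop_privileges_flawed(uid_t uid, gid_t gid)
{
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    return 0;
}

/* Hardened order: group list first (needs root), then gid, then uid, then verify. */
int drop_privileges(uid_t uid, gid_t gid)
{
    gid_t left[64];
    int n;

    if (setgroups(1, &gid) != 0) return -1;   /* replace root's group list */
    if (setgid(gid) != 0) return -1;
    if (setuid(uid) != 0) return -1;
    n = getgroups(64, left);                  /* fail closed on any error */
    if (n < 0 || has_leftover_groups(left, n, gid)) return -1;
    if (uid != 0 && setuid(0) == 0) return -1; /* root must not be regainable */
    return 0;
}

int main(void)
{
    /* Constructed sample: a group list a daemon might inherit from root. */
    gid_t inherited[] = {0, 4, 6, 10};
    gid_t target = 65534;                     /* assumed unprivileged gid */
    printf("leftover groups: %d\n", has_leftover_groups(inherited, 4, target));
    if (geteuid() == 0)                       /* only root can drop privileges */
        printf("drop_privileges: %d\n", drop_privileges(65534, target));
    return 0;
}
```

A caller should treat any non-zero return from `drop_privileges` as fatal and exit rather than continue serving requests.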

References (5)

Core References
Broken Link vdb-entry x_refsource_xf
http://www.iss.net/security_center/static/8463.php
Broken Link vendor-advisory x_refsource_mandrake
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3
Broken Link vendor-advisory x_refsource_caldera
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt
Third Party Advisory, VDB Entry vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/4285
Patch, Third Party Advisory vendor-advisory x_refsource_redhat
http://www.redhat.com/support/errata/RHSA-2002-026.html

Scores

EPSS 0.0079
EPSS Percentile 74.1%

Details

CWE: CWE-269
Status: published
Products (5):
  redhat/linux 6.2
  redhat/linux 7.0
  redhat/linux 7.1
  redhat/linux 7.2
  samba/rsync < 2.5.3
Published: Mar 15, 2002
Tracked Since: Feb 18, 2026