CVE-2002-0080 - OpenCVE

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Redhat	Linux
Samba	Rsync

Configuration 1 [-]

cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*

Configuration 2 [-]

OR	cpe:2.3:o:redhat:linux:6.2:::::::*
	cpe:2.3:o:redhat:linux:7.0:::::::*
	cpe:2.3:o:redhat:linux:7.1:::::::*
	cpe:2.3:o:redhat:linux:7.2:::::::*

References

Link	Resource
http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt	Broken Link
http://www.iss.net/security_center/static/8463.php	Broken Link
http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3	Broken Link
http://www.redhat.com/support/errata/RHSA-2002-026.html	Patch Third Party Advisory
http://www.securityfocus.com/bid/4285	Third Party Advisory VDB Entry

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2002-06-25T04:00:00

Updated: 2002-06-16T00:00:00

Reserved: 2002-02-21T00:00:00

Link: CVE-2002-0080

JSON object: View

NVD Information

Status : Analyzed

Published: 2002-03-15T05:00:00.000

Modified: 2020-11-16T20:48:24.797

Link: CVE-2002-0080

JSON object: View

Redhat Information

No data.

CWE

CWE-269

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "linux-rsync-inherit-privileges(8463)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8463.php"}, {"name": "MDKSA-2002:024", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"name": "CSSA-2002-014.1", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"name": "4285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4285"}, {"name": "RHSA-2002:026", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0080", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "linux-rsync-inherit-privileges(8463)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8463.php"}, {"name": "MDKSA-2002:024", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"name": "CSSA-2002-014.1", "refsource": "CALDERA", "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"name": "4285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4285"}, {"name": "RHSA-2002:026", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0080", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-02-21T00:00:00", "dateUpdated": "2002-06-16T00:00:00", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", "matchCriteriaId": "2388AF97-7C59-4CF8-9B4F-EA3EE07EC68B", "versionEndExcluding": "2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}, {"lang": "es", "value": "rsync no llama adecuadamente a 'setgroups' antes de establecer los permisos, lo cual podr\u00eda proveer de ciertos privilegios de grupo a usuarios locales, los cuales podr\u00edan leer ciertos ficheros que de otro modo les estar\u00edan vetados."}], "id": "CVE-2002-0080", "lastModified": "2020-11-16T20:48:24.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.iss.net/security_center/static/8463.php"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/4285"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}