CVE-2002-0080 — Vulnetix

Try Vulnetix Request Demo

CVE-2002-0080 PUBLISHED CVSS 2.0999999046325684 LOW

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

EPSS 0.79% · 73.8th percentile

Risk Scores

CVSS v2.0

2.0999999046325684

EPSS Score

0.79%

73.8th percentile

Affected Products

Vendor	Product	Versions
samba	rsync	0
redhat	linux	6.2, 7.0, 7.1
n/a	n/a	n/a

Timeline

Mar 15, 2002 CVE Published
Feb 4, 2022 EPSS Score
Mar 28, 2022 EPSS Score
May 19, 2022 EPSS Score
Jul 10, 2022 EPSS Score
Sep 1, 2022 EPSS Score
Oct 23, 2022 EPSS Score
Dec 14, 2022 EPSS Score
Feb 4, 2023 EPSS Score
Mar 28, 2023 EPSS Score
May 19, 2023 EPSS Score
Jul 10, 2023 EPSS Score

References

linux-rsync-inherit-privileges(8463) vdb
MDKSA-2002:024 vendor-advisory
CSSA-2002-014.1 vendor-advisory
4285 vdb
RHSA-2002:026 vendor-advisory
https://nvd.nist.gov/vuln/detail/CVE-2002-0080 advisory

Open in Interactive Console →