CVE-2002-0080 — Improper Privilege Management in Samba Rsync

CWE-269 — Improper Privilege Management6 documents6 sources

Severity

2.1LOWNVD

EPSS

0.8%

top 26.08%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Samba Rsync Redhat Linux

Timeline

PublishedMar 15

Latest updateApr 30

Description

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

CVSS vector

AV:L/AC:L/C:P/I:N/A:NExploitability: 3.9 | Impact: 2.9

Affected Packages2 packages

▶NVDsamba/rsync< 2.5.3

▶NVDredhat/linux4 versions+3

Patches

Patch: www.redhat.com ↗Patch: www.redhat.com ↗

🔴Vulnerability Details

GHSA

GHSA-mghq-fcpm-9vvg: rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to↗2022-04-30

▶

CVEList

CVE-2002-0080: rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to↗2002-06-25

▶

📋Vendor Advisories

Cisco

Vulnerability in the zlib Compression Library↗2002-04-03

▶

Red Hat

security flaw↗2002-03-11

▶

💬Community

Bugzilla

CVE-2002-0080 security flaw↗2018-08-16

▶