rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.
                
            References
                    | Link | Resource | 
|---|---|
| http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt | Broken Link | 
| http://www.iss.net/security_center/static/8463.php | Broken Link | 
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 | Broken Link | 
| http://www.redhat.com/support/errata/RHSA-2002-026.html | Patch Third Party Advisory | 
| http://www.securityfocus.com/bid/4285 | Third Party Advisory VDB Entry | 
| http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt | Broken Link | 
| http://www.iss.net/security_center/static/8463.php | Broken Link | 
| http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3 | Broken Link | 
| http://www.redhat.com/support/errata/RHSA-2002-026.html | Patch Third Party Advisory | 
| http://www.securityfocus.com/bid/4285 | Third Party Advisory VDB Entry | 
Configurations
                    History
                    No history.
Information
                Published : 2002-03-15 05:00
Updated : 2025-04-03 01:03
NVD link : CVE-2002-0080
Mitre link : CVE-2002-0080
CVE.ORG link : CVE-2002-0080
JSON object : View
Products Affected
                redhat
- linux
samba
- rsync
CWE
                
                    
                        
                        CWE-269
                        
            Improper Privilege Management
