Privilege Escalation Vulnerability in Rsync Daemon from Artsy Technologies
CVE-2002-0080

Currently unrated

Key Information:

Vendor: Samba
Status: Rsync
Vendor: CVE Published:; 15 March 2002

What is CVE-2002-0080?

Rsync, when operated in daemon mode, fails to appropriately call setgroups prior to privilege dropping. This oversight can permit local users to retain supplemental group privileges, enabling them to access and read files that are normally restricted. Organizations utilizing Rsync should review their configurations and apply necessary updates to mitigate potential risks related to unauthorized file access.

References

http://www.iss.net/security_center/static/8463.php

vdb-entryx_refsource_XF

http://www.linux-mandrake.com/en/security/2002/MDKSA-2002...

vendor-advisoryx_refsource_MANDRAKE

http://www.caldera.com/support/security/advisories/CSSA-2...

vendor-advisoryx_refsource_CALDERA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Mar 15, 2002
Vulnerability Reserved
Feb 21, 2002

Samba

What is CVE-2002-0080?

References

Timeline