{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2002-03-11T00:00:00", "descriptions": [{"lang": "en", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2002-06-16T00:00:00", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"name": "linux-rsync-inherit-privileges(8463)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "http://www.iss.net/security_center/static/8463.php"}, {"name": "MDKSA-2002:024", "tags": ["vendor-advisory", "x_refsource_MANDRAKE"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"name": "CSSA-2002-014.1", "tags": ["vendor-advisory", "x_refsource_CALDERA"], "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"name": "4285", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/4285"}, {"name": "RHSA-2002:026", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2002-0080", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "linux-rsync-inherit-privileges(8463)", "refsource": "XF", "url": "http://www.iss.net/security_center/static/8463.php"}, {"name": "MDKSA-2002:024", "refsource": "MANDRAKE", "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"name": "CSSA-2002-014.1", "refsource": "CALDERA", "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"name": "4285", "refsource": "BID", "url": "http://www.securityfocus.com/bid/4285"}, {"name": "RHSA-2002:026", "refsource": "REDHAT", "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-08T02:35:17.589Z"}, "title": "CVE Program Container", "references": [{"name": "linux-rsync-inherit-privileges(8463)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "http://www.iss.net/security_center/static/8463.php"}, {"name": "MDKSA-2002:024", "tags": ["vendor-advisory", "x_refsource_MANDRAKE", "x_transferred"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"name": "CSSA-2002-014.1", "tags": ["vendor-advisory", "x_refsource_CALDERA", "x_transferred"], "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"name": "4285", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/4285"}, {"name": "RHSA-2002:026", "tags": ["vendor-advisory", "x_refsource_REDHAT", "x_transferred"], "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2002-0080", "datePublished": "2002-06-25T04:00:00", "dateReserved": "2002-02-21T00:00:00", "dateUpdated": "2024-08-08T02:35:17.589Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:samba:rsync:*:*:*:*:*:*:*:*", "matchCriteriaId": "2388AF97-7C59-4CF8-9B4F-EA3EE07EC68B", "versionEndExcluding": "2.5.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:redhat:linux:6.2:*:*:*:*:*:*:*", "matchCriteriaId": "0633B5A6-7A88-4A96-9462-4C09D124ED36", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.0:*:*:*:*:*:*:*", "matchCriteriaId": "29B186E5-7C2F-466E-AA4A-8F2B618F8A14", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.1:*:*:*:*:*:*:*", "matchCriteriaId": "1D46E093-1C68-43BB-B281-12117EC8DE0F", "vulnerable": true}, {"criteria": "cpe:2.3:o:redhat:linux:7.2:*:*:*:*:*:*:*", "matchCriteriaId": "E562907F-D915-4030-847A-3C6834A80D4E", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."}, {"lang": "es", "value": "rsync no llama adecuadamente a 'setgroups' antes de establecer los permisos, lo cual podr\u00eda proveer de ciertos privilegios de grupo a usuarios locales, los cuales podr\u00edan leer ciertos ficheros que de otro modo les estar\u00edan vetados."}], "id": "CVE-2002-0080", "lastModified": "2020-11-16T20:48:24.797", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 2.1, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:L/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2002-03-15T05:00:00.000", "references": [{"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.caldera.com/support/security/advisories/CSSA-2002-014.1.txt"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.iss.net/security_center/static/8463.php"}, {"source": "cve@mitre.org", "tags": ["Broken Link"], "url": "http://www.linux-mandrake.com/en/security/2002/MDKSA-2002-024.php3"}, {"source": "cve@mitre.org", "tags": ["Patch", "Third Party Advisory"], "url": "http://www.redhat.com/support/errata/RHSA-2002-026.html"}, {"source": "cve@mitre.org", "tags": ["Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/4285"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-269"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{"affected_release": [{"advisory": "RHSA-2002:026", "cpe": "cpe:/o:redhat:linux:6.2", "product_name": "Red Hat Linux 6.2", "release_date": "2002-03-11T00:00:00Z"}, {"advisory": "RHSA-2002:026", "cpe": "cpe:/o:redhat:linux:7.0", "product_name": "Red Hat Linux 7.0", "release_date": "2002-03-11T00:00:00Z"}, {"advisory": "RHSA-2002:026", "cpe": "cpe:/o:redhat:linux:7.1", "product_name": "Red Hat Linux 7.1", "release_date": "2002-03-11T00:00:00Z"}, {"advisory": "RHSA-2002:026", "cpe": "cpe:/o:redhat:linux:7.2", "product_name": "Red Hat Linux 7.2", "release_date": "2002-03-11T00:00:00Z"}], "bugzilla": {"description": "security flaw", "id": "1616738", "url": "https://bugzilla.redhat.com/show_bug.cgi?id=1616738"}, "csaw": false, "details": ["rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed."], "name": "CVE-2002-0080", "public_date": "2002-03-11T00:00:00Z", "references": ["https://www.cve.org/CVERecord?id=CVE-2002-0080\nhttps://nvd.nist.gov/vuln/detail/CVE-2002-0080"]}