Vulnerabilities
Misconfiguration
Runtime Security
Compliance
CVE Vulnerabilities

CVE-2002-0080

Improper Privilege Management

Published: Mar 15, 2002 | Modified: Nov 16, 2020
CVSS 3.x
N/A
Source:
NVD
CVSS 2.x
2.1 LOW
AV:L/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
Additional information
NVDhttps://nvd.nist.gov/vuln/detail/CVE-2002-0080
CWEhttps://cwe.mitre.org/data/definitions/269.html

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

Weakness

The product does not properly assign, modify, track, or check privileges for an actor, creating an unintended sphere of control for that actor.

Affected Software

Name Vendor Start Version End Version
Rsync Samba * 2.5.3 (excluding)
Red Hat Linux 6.2 RedHat *
Red Hat Linux 7.0 RedHat *
Red Hat Linux 7.1 RedHat *
Red Hat Linux 7.2 RedHat *

Potential Mitigations

References

Aqua Security is the largest pure-play cloud native security company, providing customers the freedom to innovate and run their businesses with minimal friction. The Aqua Cloud Native Security Platform provides prevention, detection, and response automation across the entire application lifecycle to secure the build, secure cloud infrastructure and secure running workloads wherever they are deployed.
Copyright © 2024 Aqua Security Software Ltd.   Privacy Policy | Terms of Use