CVE-2002-0080

high

Description

rsync, when running in daemon mode, does not properly call setgroups before dropping privileges, which could provide supplemental group privileges to local users, who could then read certain files that would otherwise be disallowed.

References

http://www.securityfocus.com/bid/4285

http://www.redhat.com/support/errata/RHSA-2002-026.html

Details

Source: Mitre, NVD

Published: 2002-03-15

Updated: 2020-11-16

Risk Information

CVSS v2

Base Score: 2.1

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:N/A:N

Severity: Low

CVSS v3

Base Score: 7.8

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Severity: High