Vulnerabilities > CVE-2002-1469 - Unspecified vulnerability in Scponly 2.3/2.4
Attack vector
NETWORK Attack complexity
LOW Privileges required
NONE Confidentiality impact
PARTIAL Integrity impact
PARTIAL Availability impact
PARTIAL Summary
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | SCPOnly 2.3/2.4 SSH Environment Shell Escaping Vulnerability. CVE-2002-1469. Local exploit for linux platform |
| id | EDB-ID:21732 |
| last seen | 2016-02-02 |
| modified | 2002-08-20 |
| published | 2002-08-20 |
| reporter | Derek D. Martin |
| source | https://www.exploit-db.com/download/21732/ |
| title | SCPOnly 2.3/2.4 - SSH Environment Shell Escaping Vulnerability |