Vulnerabilities > CVE-2002-1469 - Unspecified vulnerability in Scponly 2.3/2.4
Attack vector
UNKNOWN Attack complexity
UNKNOWN Privileges required
UNKNOWN Confidentiality impact
UNKNOWN Integrity impact
UNKNOWN Availability impact
UNKNOWN scponly
exploit available
Summary
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Vulnerable Configurations
| Part | Description | Count |
|---|---|---|
| Application | 2 |
Exploit-Db
| description | SCPOnly 2.3/2.4 SSH Environment Shell Escaping Vulnerability. CVE-2002-1469. Local exploit for linux platform |
| id | EDB-ID:21732 |
| last seen | 2016-02-02 |
| modified | 2002-08-20 |
| published | 2002-08-20 |
| reporter | Derek D. Martin |
| source | https://www.exploit-db.com/download/21732/ |
| title | SCPOnly 2.3/2.4 - SSH Environment Shell Escaping Vulnerability |
References
- http://online.securityfocus.com/archive/1/288245
- http://online.securityfocus.com/archive/1/288245
- http://www.iss.net/security_center/static/9913.php
- http://www.iss.net/security_center/static/9913.php
- http://www.securityfocus.com/bid/5526
- http://www.securityfocus.com/bid/5526
- http://www.sublimation.org/scponly/
- http://www.sublimation.org/scponly/