CVE-2002-1469
Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
22/04/2003
Last modified:
03/04/2025
Description
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Impact
Base Score 2.0
7.50
Severity 2.0
HIGH
Vulnerable products and versions
| CPE | From | Up to |
|---|---|---|
| cpe:2.3:a:scponly:scponly:2.3:*:*:*:*:*:*:* | ||
| cpe:2.3:a:scponly:scponly:2.4:*:*:*:*:*:*:* |
To consult the complete list of CPE names with products and versions, see this page
References to Advisories, Solutions, and Tools
- http://online.securityfocus.com/archive/1/288245
- http://www.iss.net/security_center/static/9913.php
- http://www.securityfocus.com/bid/5526
- http://www.sublimation.org/scponly/
- http://online.securityfocus.com/archive/1/288245
- http://www.iss.net/security_center/static/9913.php
- http://www.securityfocus.com/bid/5526
- http://www.sublimation.org/scponly/