Lumension® Endpoint Intelligence Center

Intelligence Center » Browse All Vulnerabilities » CVE-2002-1469

Overview

Vulnerability Score 7.5 7.5
CVE Id CVE-2002-1469
Last Modified 05 Sep 2008 04:30:40
Published 22 Apr 2003 12:00:00
Confidentiality Impact PARTIAL PARTIAL
Integrity Impact PARTIAL PARTIAL
Availability Impact PARTIAL PARTIAL
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2002-1469

Summary

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

Vulnerable Systems

Application

  • Scponly 2.3

  • Scponly 2.4


References

BID - 5526

XF - scponly-ssh-env-upload(9913)

BUGTRAQ - 20020820 vulnerabilities in scponly

CONFIRM - http://www.sublimation.org/scponly/


Last Updated: 27 May 2016 10:37:20