CVE-2002-1469

Опубликовано: 22 апр. 2003

Источник: nvd

CVSS2: 7.5

EPSS Низкий

Описание

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

Ссылки

http://online.securityfocus.com/archive/1/288245
Exploit
Patch
Vendor Advisory
http://www.iss.net/security_center/static/9913.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/5526
Exploit
Patch
Vendor Advisory
http://www.sublimation.org/scponly/
http://online.securityfocus.com/archive/1/288245
Exploit
Patch
Vendor Advisory
http://www.iss.net/security_center/static/9913.php
Patch
Vendor Advisory
http://www.securityfocus.com/bid/5526
Exploit
Patch
Vendor Advisory
http://www.sublimation.org/scponly/

Уязвимые конфигурации

Конфигурация 1

Одно из

cpe:2.3:a:scponly:scponly:2.3:*:*:*:*:*:*:*

cpe:2.3:a:scponly:scponly:2.4:*:*:*:*:*:*:*

EPSS

Процентиль: 91%

0.07531

Низкий

7.5 High

CVSS2

Дефекты

NVD-CWE-Other

Связанные уязвимости

CVE-2002-1469

debian

больше 22 лет назад

scponly does not properly verify the path when finding the (1) scp or ...

GHSA-p6wh-j563-f69f

github

больше 3 лет назад