Security Advisory

CVE-2002-1469

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2004-09-01 04:00:00

Last updated 2024-08-08 03:26:28

Assigner mitre

State PUBLISHED

Description

scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.

← Browse all CVEs View on cve.org ↗