Description
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by Derek D. Martin · textlocallinux
https://www.exploit-db.com/exploits/21732
References (4)
Core 4
Core References
Various Sources x_refsource_confirm
http://www.sublimation.org/scponly/
Patch, Vendor Advisory vdb-entry
x_refsource_xf
http://www.iss.net/security_center/static/9913.php
Exploit, Patch, Vendor Advisory mailing-list
x_refsource_bugtraq
http://online.securityfocus.com/archive/1/288245
Exploit, Patch, Vendor Advisory vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/5526
Scores
EPSS
0.0365
EPSS Percentile
88.0%
Details
Status
published
Products (2)
scponly/scponly
2.3
scponly/scponly
2.4
Published
Apr 22, 2003
Tracked Since
Feb 18, 2026