CVE-2002-1469
scponly - Authenticated Path Traversal via PATH Variable Manipulation
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2002-1469. PoCs published by Derek D. Martin.
AI-analyzed exploit summary This exploit leverages insufficient access controls in scponly's default installation to upload malicious files to the .ssh subdirectory, enabling arbitrary command execution. The attacker uploads a modified 'environment' file and a fake 'scp' script to achieve RCE.
Description
scponly does not properly verify the path when finding the (1) scp or (2) sftp-server programs, which could allow remote authenticated users to bypass access controls by uploading malicious programs and modifying the PATH variable in $HOME/.ssh/environment to locate those programs.
Exploits (1)
This exploit leverages insufficient access controls in scponly's default installation to upload malicious files to the .ssh subdirectory, enabling arbitrary command execution. The attacker uploads a modified 'environment' file and a fake 'scp' script to achieve RCE.