• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

SCPOnly SSH Environment Shell Escaping Vulnerability

scponly is a freely available, open source restricted secure copy client. It is available for Unix and Linux operating systems.

The default installation of scponly does not place sufficient access controls on the .ssh subdirectory. Due to this oversight, it is possible for a remote user to upload files which may allow command execution. This could lead to unintended command execution, and regular shell access to a vulnerable host.