CVE-2022-2068
In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).
Weaknesses
- CWE-78
- Improper Neutralization of Special Elements used in an OS Command ('OS Command Injection')
Related CVEs
- CVE Status
- PUBLISHED
- CNA
- OpenSSL Software Foundation
- Published Date
-
2022-06-21 15:15:09
(2 years ago) - Updated Date
-
2023-11-07 03:46:11
(10 months ago)
Affected Products
- Element Software
- Hci Management Node
- Ontap Antivirus Connector
- Ontap Select Deploy Administration Utility
- Santricity Smi-s Provider
- Smi-s Provider
- Snapmanager
- Solidfire
- Aff 8300
- Aff 8700
- Aff A400
- Fas 8300
- Fas 8700
- Fas A400
- H300s
- H410c
- H410s
- H500s
- H610c
- H610s
- H615c
- H700s
- Hci Compute Node
- Aff 8300 Firmware
- Aff 8700 Firmware
- Aff A400 Firmware
- Bootstrap Os
- Fas 8300 Firmware
- Fas 8700 Firmware
- Fas A400 Firmware
- H300s Firmware
- H410c Firmware
- H410s Firmware
- H500s Firmware
- H610c Firmware
- H610s Firmware
- H615c Firmware
- H700s Firmware
Configuration #1
|
Configuration #2
|
Configuration #3
|
Configuration #4
|
Configuration #5
|
Configuration #6
AND |
|
---|
Configuration #7
AND |
|
---|
Configuration #8
AND |
|
---|
Configuration #9
AND |
|
---|
Configuration #10
AND |
|
---|
Configuration #11
AND |
|
---|
Configuration #12
AND |
|
---|
Configuration #13
AND |
|
---|
Configuration #14
AND |
|
---|
Configuration #15
AND |
|
---|
Configuration #16
AND |
|
---|
Configuration #17
AND |
|
---|
Configuration #18
AND |
|
---|
Configuration #19
AND |
|
---|
Configuration #20
AND |
|
---|
Configuration #21
|