[SECADV-20220621-1] The c_rehash script allows command injection
Command injection
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When CVE-2022-1292 was fixed, it was not noticed that the script passes
the file names of certificates being hashed to a shell-executed command in
other places as well, so a crafted file name can still inject commands.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker able
to place a file with a crafted name in a directory the script processes
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
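The bug class described above, modelled in POSIX sh as an added example (this is not the OpenSSL project's code; the real c_rehash is a Perl script that interpolated file names into a command string handed to the shell). `hash_cert` is a hypothetical stand-in for `openssl x509 -hash -noout -in FILE` so the demo runs without OpenSSL, the file name `EVIL` is constructed for the demo and does not come from the advisory, and the allowlist check is my own suggestion for operators who cannot yet retire the script.

```sh
#!/bin/sh
# Added example, not code from the OpenSSL project. It models the c_rehash
# bug class: a certificate file name spliced into command text that a shell
# then parses. hash_cert is a hypothetical stand-in for
# `openssl x509 -hash -noout -in FILE`, so the demo runs without OpenSSL.

hash_cert() {
    printf 'hash(%s)\n' "$1"
}

# VULNERABLE pattern: the file name is interpolated into a string that is
# evaluated as shell code. Wrapping it in single quotes does not help once
# the name itself contains a single quote.
vulnerable_hash() {
    eval "hash_cert '$1'"
}

# SAFE pattern: the file name travels as one argument word. The shell never
# re-parses its contents, so metacharacters in it are inert.
safe_hash() {
    hash_cert "$1"
}

# Conservative allowlist check (my suggestion, not from the advisory): true
# if the name contains anything outside [A-Za-z0-9._+=@-].
has_unsafe_name() {
    printf '%s' "$1" | LC_ALL=C grep -q '[^A-Za-z0-9._+=@-]'
}

# Scan a certificate directory before rehashing it: prints offending names,
# returns 0 when every name is clean and 1 when at least one is not.
find_unsafe_names() {
    found=0
    for f in "$1"/*; do
        [ -e "$f" ] || continue
        base=${f##*/}
        if has_unsafe_name "$base"; then
            printf '%s\n' "$base"
            found=1
        fi
    done
    return $found
}

# Constructed malicious file name: closes the quoted argument, runs an extra
# command, then reopens a quote so the whole line still parses.
EVIL="evil'; echo INJECTED; echo '.pem"

echo "--- vulnerable_hash (INJECTED line shows the extra command ran)"
vulnerable_hash "$EVIL"
echo "--- safe_hash (the name is hashed as data, nothing else runs)"
safe_hash "$EVIL"
```

The durable fix is the one the advisory gives: stop invoking the script and run `openssl rehash DIR` instead, which does the hashing inside the openssl binary without a shell in the path. Where c_rehash must still run, `find_unsafe_names` on the certificate directory is a cheap pre-flight check; any name it prints should be renamed before the directory is processed.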
Package | Fixed Version |
---|---|
pkg:openssl/openssl | = 3.0.4 |
pkg:openssl/openssl | = 1.1.1p |
pkg:openssl/openssl | = 1.0.2zf |
- ID: SECADV-20220621-1
- Severity: moderate
- Impact: Command injection
- URL: https://www.openssl.org/news/secadv/20220621.txt
- Published: 2022-06-21T00:00:00
- Modified: 2022-06-21T00:00:00
- Rights: The OpenSSL Project
- Other Advisories:
- ALAS-2022-1626
- ALAS2-2022-1831
- ALAS2-2022-1832
- ALAS2-2024-2502
- ALSA-2022:5818
- ALSA-2022:6224
- DSA-5169-1
- ELSA-2022-5818
- ELSA-2022-6224
- ELSA-2022-9683
- ELSA-2022-9751
- FEDORA-2022-3b7d0abd0b
- FEDORA-2022-41890e9e44
- FREEBSD:4EEB93BF-F204-11EC-8FBD-D4C9EF517024
- MS:CVE-2022-2068
- RHSA-2022:5818
- RHSA-2022:6224
- RLSA-2022:5818
- SSA:2022-174-01
- SSA:2022-179-03
- SUSE-SU-2022:2179-1
- SUSE-SU-2022:2180-1
- SUSE-SU-2022:2181-1
- SUSE-SU-2022:2182-1
- SUSE-SU-2022:2197-1
- SUSE-SU-2022:2251-1
- SUSE-SU-2022:2251-2
- SUSE-SU-2022:2306-1
- SUSE-SU-2022:2308-1
- SUSE-SU-2022:2309-1
- SUSE-SU-2022:2321-1
- USN-5488-1
- USN-5488-2
- USN-6457-1
- USN-7018-1
Type | Package URL | Name / Product | Version |
---|---|---|---|
Fixed | pkg:openssl/openssl | openssl | = 3.0.4 |
Fixed | pkg:openssl/openssl | openssl | = 1.1.1p |
Fixed | pkg:openssl/openssl | openssl | = 1.0.2zf |
Affected | pkg:openssl/openssl | openssl | = 3.0.0 |
Affected | pkg:openssl/openssl | openssl | = 3.0.1 |
Affected | pkg:openssl/openssl | openssl | = 3.0.2 |
Affected | pkg:openssl/openssl | openssl | = 3.0.3 |
Affected | pkg:openssl/openssl | openssl | = 1.1.1 |
Affected | pkg:openssl/openssl | openssl | = 1.1.1a |
Affected | pkg:openssl/openssl | openssl | = 1.1.1b |
Affected | pkg:openssl/openssl | openssl | = 1.1.1c |
Affected | pkg:openssl/openssl | openssl | = 1.1.1d |
Affected | pkg:openssl/openssl | openssl | = 1.1.1e |
Affected | pkg:openssl/openssl | openssl | = 1.1.1f |
Affected | pkg:openssl/openssl | openssl | = 1.1.1g |
Affected | pkg:openssl/openssl | openssl | = 1.1.1h |
Affected | pkg:openssl/openssl | openssl | = 1.1.1i |
Affected | pkg:openssl/openssl | openssl | = 1.1.1j |
Affected | pkg:openssl/openssl | openssl | = 1.1.1k |
Affected | pkg:openssl/openssl | openssl | = 1.1.1l |
Affected | pkg:openssl/openssl | openssl | = 1.1.1m |
Affected | pkg:openssl/openssl | openssl | = 1.1.1n |
Affected | pkg:openssl/openssl | openssl | = 1.1.1o |
Affected | pkg:openssl/openssl | openssl | = 1.0.2 |
Affected | pkg:openssl/openssl | openssl | = 1.0.2a |
Affected | pkg:openssl/openssl | openssl | = 1.0.2b |
Affected | pkg:openssl/openssl | openssl | = 1.0.2c |
Affected | pkg:openssl/openssl | openssl | = 1.0.2d |
Affected | pkg:openssl/openssl | openssl | = 1.0.2e |
Affected | pkg:openssl/openssl | openssl | = 1.0.2f |
Affected | pkg:openssl/openssl | openssl | = 1.0.2g |
Affected | pkg:openssl/openssl | openssl | = 1.0.2h |
Affected | pkg:openssl/openssl | openssl | = 1.0.2i |
Affected | pkg:openssl/openssl | openssl | = 1.0.2j |
Affected | pkg:openssl/openssl | openssl | = 1.0.2k |
Affected | pkg:openssl/openssl | openssl | = 1.0.2l |
Affected | pkg:openssl/openssl | openssl | = 1.0.2m |
Affected | pkg:openssl/openssl | openssl | = 1.0.2n |
Affected | pkg:openssl/openssl | openssl | = 1.0.2o |
Affected | pkg:openssl/openssl | openssl | = 1.0.2p |
Affected | pkg:openssl/openssl | openssl | = 1.0.2q |
Affected | pkg:openssl/openssl | openssl | = 1.0.2r |
Affected | pkg:openssl/openssl | openssl | = 1.0.2s |
Affected | pkg:openssl/openssl | openssl | = 1.0.2t |
Affected | pkg:openssl/openssl | openssl | = 1.0.2u |
Affected | pkg:openssl/openssl | openssl | = 1.0.2v |
Affected | pkg:openssl/openssl | openssl | = 1.0.2w |
Affected | pkg:openssl/openssl | openssl | = 1.0.2x |
Affected | pkg:openssl/openssl | openssl | = 1.0.2y |
Affected | pkg:openssl/openssl | openssl | = 1.0.2za |
Affected | pkg:openssl/openssl | openssl | = 1.0.2zb |
Affected | pkg:openssl/openssl | openssl | = 1.0.2zc |
Affected | pkg:openssl/openssl | openssl | = 1.0.2zd |
Affected | pkg:openssl/openssl | openssl | = 1.0.2ze |