[SECADV-20220621-1] The c_rehash script allows command injection
Severity
Moderate
Affected Packages
51
Fixed Packages
3
CVEs
1
Command injection
In addition to the c_rehash shell command injection identified in
CVE-2022-1292, further circumstances where the c_rehash script does not
properly sanitise shell metacharacters to prevent command injection were
found by code review.
When the CVE-2022-1292 was fixed it was not discovered that there
are other places in the script where the file names of certificates
being hashed were possibly passed to a command executed through the shell.
This script is distributed by some operating systems in a manner where
it is automatically executed. On such operating systems, an attacker
could execute arbitrary commands with the privileges of the script.
Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.
| Package | Fixed Version |
|---|---|
 pkg:openssl/openssl
|
= 3.0.4 |
|
pkg:openssl/openssl
|
= 1.1.1p |
|
pkg:openssl/openssl
|
= 1.0.2zf |
- ID
- SECADV-20220621-1
- Severity
- moderate
- Impact
- Command injection
- URL
- https://www.openssl.org/news/secadv/20220621.txt
- Published
-
2022-06-21T00:00:00
(2 years ago) - Modified
-
2022-06-21T00:00:00
(2 years ago) - Rights
- The OpenSSL Project
- Other Advisories
-
-
ALAS-2022-1626
-
ALAS2-2022-1831
-
ALAS2-2022-1832
-
ALAS2-2024-2502
-
ALSA-2022:5818
-
ALSA-2022:6224
-
DSA-5169-1
-
ELSA-2022-5818
-
ELSA-2022-6224
-
ELSA-2022-9683
-
ELSA-2022-9751
-
FEDORA-2022-3b7d0abd0b
-
FEDORA-2022-41890e9e44
-
FREEBSD:4EEB93BF-F204-11EC-8FBD-D4C9EF517024
-
MS:CVE-2022-2068
-
RHSA-2022:5818
-
RHSA-2022:6224
-
RLSA-2022:5818
-
SSA:2022-174-01
-
SSA:2022-179-03
-
SUSE-SU-2022:2179-1
-
SUSE-SU-2022:2180-1
-
SUSE-SU-2022:2181-1
-
SUSE-SU-2022:2182-1
-
SUSE-SU-2022:2197-1
-
SUSE-SU-2022:2251-1
-
SUSE-SU-2022:2251-2
-
SUSE-SU-2022:2306-1
-
SUSE-SU-2022:2308-1
-
SUSE-SU-2022:2309-1
-
SUSE-SU-2022:2321-1
-
USN-5488-1
-
USN-5488-2
-
USN-6457-1
-
USN-7018-1
-
| Type | Package URL | Namespace | Name / Product | Version | Distribution / Platform | Arch | Patch / Fix |
|---|---|---|---|---|---|---|---|
| Fixed | pkg:openssl/openssl |
openssl
|
= 3.0.4 | ||||
| Fixed | pkg:openssl/openssl |
openssl
|
= 1.1.1p | ||||
| Fixed | pkg:openssl/openssl |
openssl
|
= 1.0.2zf | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 3.0.0 | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 3.0.1 | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 3.0.2 | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 3.0.3 | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1 | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1a | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1b | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1c | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1d | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1e | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1f | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1g | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1h | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1i | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1j | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1k | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1l | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1m | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1n | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.1.1o | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2 | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2a | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2b | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2c | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2d | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2e | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2f | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2g | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2h | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2i | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2j | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2k | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2l | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2m | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2n | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2o | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2p | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2q | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2r | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2s | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2t | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2u | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2v | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2w | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2x | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2y | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2za | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2zb | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2zc | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2zd | ||||
| Affected | pkg:openssl/openssl |
openssl
|
= 1.0.2ze |
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | Exploits | PoC | Pubblication Date | Modification Date |
|---|---|---|---|---|---|---|---|---|---|---|---|
| # CVE | Description | CVSS | EPSS | EPSS Trend (30 days) | Affected Products | Weaknesses | Security Advisories | PoC | Pubblication Date | Modification Date |