Bug 2081494 (CVE-2022-1292) - CVE-2022-1292 openssl: c_rehash script allows command injection
Summary: CVE-2022-1292 openssl: c_rehash script allows command injection
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-1292
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
medium
medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2090386 2111157 2230555 2081827 2090361 2090362 2090371 2090372 2090388 2090566 2095798 2095799 2095800 2095801 2095802 2095812 2095813 2095814 2095815 2095816 2095817 2095818
Blocks: 2081495
TreeView+ depends on / blocked
 
Reported: 2022-05-03 21:53 UTC by Patrick Del Bello
Modified: 2023-09-26 18:53 UTC (History)
104 users (show)

Fixed In Version: openssl 1.0.2ze, openssl 1.1.1o, openssl 3.0.3
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
Clone Of:
Environment:
Last Closed: 2022-09-03 09:33:23 UTC
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHSA-2022:5818 0 None None None 2022-08-03 13:00:21 UTC
Red Hat Product Errata RHSA-2022:6224 0 None None None 2022-08-30 16:02:17 UTC
Red Hat Product Errata RHSA-2022:8840 0 None None None 2022-12-08 13:06:52 UTC
Red Hat Product Errata RHSA-2022:8841 0 None None None 2022-12-08 13:21:36 UTC
Red Hat Product Errata RHSA-2022:8913 0 None None None 2022-12-12 12:39:41 UTC
Red Hat Product Errata RHSA-2022:8917 0 None None None 2022-12-12 12:25:37 UTC

Description Patrick Del Bello 2022-05-03 21:53:57 UTC 
The c_rehash script does not properly sanitise shell metacharacters to
prevent command injection.  This script is distributed by some operating
systems in a manner where it is automatically executed.  On such operating
systems, an attacker could execute arbitrary commands with the privileges
of the script.

Use of the c_rehash script is considered obsolete and should be replaced
by the OpenSSL rehash command line tool.

This issue affects OpenSSL versions 1.0.2, 1.1.1 and 3.0.

OpenSSL 1.0.2 users should upgrade to 1.0.2ze 
OpenSSL 1.1.1 users should upgrade to 1.1.1o
OpenSSL 3.0 users should upgrade to 3.0.3
Comment 5 Mauro Matteo Cascella 2022-05-25 15:49:31 UTC 
OpenSSL Security Advisory:
https://www.openssl.org/news/secadv/20220503.txt

Upstream fix:
https://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=7c33270707b568c524a8ef125fe611a8872cb5e8
Comment 9 Mauro Matteo Cascella 2022-06-10 16:06:00 UTC 
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2095816]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 2095815]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2095812]


Created openssl1.1 tracking bugs for this issue:

Affects: fedora-all [bug 2095817]


Created openssl11 tracking bugs for this issue:

Affects: epel-7 [bug 2095813]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2095814]


Created shim tracking bugs for this issue:

Affects: fedora-all [bug 2095818]
Comment 11 errata-xmlrpc 2022-08-03 13:00:13 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5818 https://access.redhat.com/errata/RHSA-2022:5818
Comment 12 errata-xmlrpc 2022-08-30 16:02:11 UTC 
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224
Comment 13 Product Security DevOps Team 2022-09-03 09:33:17 UTC 
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-1292
Comment 14 errata-xmlrpc 2022-12-08 13:06:47 UTC 
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840
Comment 15 errata-xmlrpc 2022-12-08 13:21:29 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841
Comment 16 errata-xmlrpc 2022-12-12 12:25:32 UTC 
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 5.7 on RHEL 7
  Red Hat JBoss Web Server 5.7 on RHEL 8
  Red Hat JBoss Web Server 5.7 on RHEL 9

Via RHSA-2022:8917 https://access.redhat.com/errata/RHSA-2022:8917
Comment 17 errata-xmlrpc 2022-12-12 12:39:37 UTC 
This issue has been addressed in the following products:

  JWS 5.7.1 release

Via RHSA-2022:8913 https://access.redhat.com/errata/RHSA-2022:8913
Note You need to log in before you can comment on or make changes to this bug.