Bug 2097310 (CVE-2022-2068) - CVE-2022-2068 openssl: the c_rehash script allows command injection
Summary: CVE-2022-2068 openssl: the c_rehash script allows command injection
Keywords:
Status: CLOSED ERRATA
Alias: CVE-2022-2068
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Severity: medium
Priority: medium
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
URL:
Whiteboard:
Depends On: 2098277 2099471 2099971 2099974 2100097 2111157 2098273 2098276 2098278 2098279 2098280 2098281 2099969 2099970 2099972 2099973 2099975 2100098 2104732
Blocks: 2097311
 
Reported: 2022-06-15 12:16 UTC by Marian Rehak
Modified: 2022-12-12 12:39 UTC (History)
CC List: 111 users

Fixed In Version: openssl 1.0.2zf, openssl 1.1.1p, openssl 3.0.4
Doc Type: If docs needed, set a value
Doc Text:
A flaw was found in OpenSSL. The fix for CVE-2022-1292 did not cover other places in the `c_rehash` script where the file names of certificates being hashed could still be passed to a command executed through a shell. Some operating systems distribute this script in a manner where it is automatically executed. On those operating systems, an attacker who can place a file with a crafted name in a directory that the script processes can execute arbitrary commands with the privileges of the script.
Clone Of:
Environment:
Last Closed: 2022-09-03 10:26:24 UTC




Links
System                  ID              Private  Priority  Status  Summary  Last Updated
Red Hat Product Errata  RHSA-2022:5818  0        None      None    None     2022-08-03 13:00:42 UTC
Red Hat Product Errata  RHSA-2022:6224  0        None      None    None     2022-08-30 16:02:34 UTC
Red Hat Product Errata  RHSA-2022:8840  0        None      None    None     2022-12-08 13:07:15 UTC
Red Hat Product Errata  RHSA-2022:8841  0        None      None    None     2022-12-08 13:22:05 UTC
Red Hat Product Errata  RHSA-2022:8913  0        None      None    None     2022-12-12 12:39:45 UTC
Red Hat Product Errata  RHSA-2022:8917  0        None      None    None     2022-12-12 12:25:38 UTC

Description Marian Rehak 2022-06-15 12:16:30 UTC
When CVE-2022-1292 was fixed, it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script.
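The bug class described above, as an added example that is not part of this report and not OpenSSL or Red Hat code. c_rehash is a Perl script; the pattern is language-independent, so it is reproduced here in Python: a certificate file name is interpolated into a shell command string, and a name containing a single quote closes the quoting so that whatever follows runs as its own shell command. To run offline, `printf` stands in for the `openssl x509 ...` invocation (assumption: a POSIX `/bin/sh` and a `printf` binary are available); the file names, the `INJECTED` marker and all function names are this example's own.

```python
"""Added example (not OpenSSL or Red Hat code): the command-injection pattern
behind CVE-2022-1292 / CVE-2022-2068, reproduced in Python.

A shell command string is built from a certificate file name.  A name that
contains a single quote ends the quoting, and the rest of the name is parsed
by the shell as further commands.  printf stands in for openssl so this runs
anywhere with /bin/sh (assumption); names and markers below are constructed.
"""
import re
import subprocess

# Constructed inputs: a benign certificate name and an attacker-shaped one.
BENIGN_NAME = "ca-bundle.pem"
CRAFTED_NAME = "x'; echo INJECTED; echo '"

# Conservative allowlist of characters normally seen in certificate file names.
SAFE_NAME = re.compile(r"[A-Za-z0-9._+=@-]+")


def is_shell_safe(fname: str) -> bool:
    """Pre-check a practitioner can run over a cert directory before rehashing:
    True only when the name contains no shell-significant characters."""
    return SAFE_NAME.fullmatch(fname) is not None


def run_shell_form(fname: str) -> str:
    """Vulnerable pattern: the name is interpolated into one shell string, the
    same shape as a pipe-open of an interpolated command in the Perl script.
    Single quotes do not help once the name itself contains a single quote."""
    cmd = f"printf '%s\\n' '{fname}'"
    return subprocess.run(cmd, shell=True, capture_output=True, text=True).stdout


def run_argv_form(fname: str) -> str:
    """Hardened pattern: the name is passed as one argv element and no shell is
    involved, so quotes and semicolons are just bytes inside that argument."""
    proc = subprocess.run(["printf", "%s\n", fname], capture_output=True, text=True)
    return proc.stdout


def injected(output: str) -> bool:
    """True when the marker from the crafted name ran as its own command,
    i.e. appeared on a line of its own rather than inside the echoed name."""
    return "INJECTED" in output.splitlines()


if __name__ == "__main__":
    for name in (BENIGN_NAME, CRAFTED_NAME):
        print(f"name={name!r} shell-safe={is_shell_safe(name)}")
        print("  shell string form ->", repr(run_shell_form(name)))
        print("  argv form         ->", repr(run_argv_form(name)))
```

With the crafted name, the shell-string form prints `x`, then `INJECTED` on its own line, because the shell executed three commands; the argv form prints the whole name back as a single argument. The equivalent hardening in Perl is the list form of `open`/`system`, which is what the fixed c_rehash uses so that no shell ever sees the file name.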

Comment 9 Marian Rehak 2022-06-22 06:08:18 UTC
Created edk2 tracking bugs for this issue:

Affects: fedora-all [bug 2099974]


Created mingw-openssl tracking bugs for this issue:

Affects: fedora-all [bug 2099971]


Created openssl tracking bugs for this issue:

Affects: fedora-all [bug 2099972]


Created openssl1.1 tracking bugs for this issue:

Affects: fedora-all [bug 2099975]


Created openssl11 tracking bugs for this issue:

Affects: epel-7 [bug 2099969]


Created openssl3 tracking bugs for this issue:

Affects: epel-8 [bug 2099970]


Created shim tracking bugs for this issue:

Affects: fedora-all [bug 2099973]

Comment 13 Mauro Matteo Cascella 2022-06-22 13:58:57 UTC
Follow-up commit:
https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739 [OpenSSL 3.0.4]

Comment 18 errata-xmlrpc 2022-08-03 13:00:33 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 8

Via RHSA-2022:5818 https://access.redhat.com/errata/RHSA-2022:5818

Comment 19 errata-xmlrpc 2022-08-30 16:02:28 UTC
This issue has been addressed in the following products:

  Red Hat Enterprise Linux 9

Via RHSA-2022:6224 https://access.redhat.com/errata/RHSA-2022:6224

Comment 20 Product Security DevOps Team 2022-09-03 10:26:18 UTC
This bug is now closed. Further updates for individual products will be reflected on the CVE page(s):

https://access.redhat.com/security/cve/cve-2022-2068

Comment 21 errata-xmlrpc 2022-12-08 13:07:08 UTC
This issue has been addressed in the following products:

  JBoss Core Services on RHEL 7
  JBoss Core Services for RHEL 8

Via RHSA-2022:8840 https://access.redhat.com/errata/RHSA-2022:8840

Comment 22 errata-xmlrpc 2022-12-08 13:21:58 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Core Services

Via RHSA-2022:8841 https://access.redhat.com/errata/RHSA-2022:8841

Comment 23 errata-xmlrpc 2022-12-12 12:25:33 UTC
This issue has been addressed in the following products:

  Red Hat JBoss Web Server 5.7 on RHEL 7
  Red Hat JBoss Web Server 5.7 on RHEL 8
  Red Hat JBoss Web Server 5.7 on RHEL 9

Via RHSA-2022:8917 https://access.redhat.com/errata/RHSA-2022:8917

Comment 24 errata-xmlrpc 2022-12-12 12:39:38 UTC
This issue has been addressed in the following products:

  JWS 5.7.1 release

Via RHSA-2022:8913 https://access.redhat.com/errata/RHSA-2022:8913

