exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New
Showing 1 - 4 of 4 RSS Feed

CVE-2022-2068

Status Candidate

Overview

In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other places in the script where the file names of certificates being hashed were possibly passed to a command executed through the shell. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

Related Files

Red Hat Security Advisory 2022-5818-01
Posted Aug 4, 2022
Authored by Red Hat | Site access.redhat.com

Red Hat Security Advisory 2022-5818-01 - OpenSSL is a toolkit that implements the Secure Sockets Layer and Transport Layer Security protocols, as well as a full-strength general-purpose cryptography library. Issues addressed include a code execution vulnerability.

tags | advisory, code execution, protocol
systems | linux, redhat
advisories | CVE-2022-1292, CVE-2022-2068, CVE-2022-2097
SHA-256 | 61fd4ae020a65fbaad40f03e903e5c409d9a67ad1b8ac30645648f96edbe5e69
Ubuntu Security Notice USN-5488-2
Posted Jul 7, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5488-2 - USN-5488-1 fixed vulnerabilities in OpenSSL. This update provides the corresponding updates for Ubuntu 16.04 ESM. Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.

tags | advisory, arbitrary, local, vulnerability
systems | linux, ubuntu
advisories | CVE-2022-2068
SHA-256 | 6343962f5bd4054fea3153ddc0d37cba8a263f70397cccc8e49318af82918d33
Ubuntu Security Notice USN-5488-1
Posted Jun 21, 2022
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 5488-1 - Chancen and Daniel Fiala discovered that OpenSSL incorrectly handled the c_rehash script. A local attacker could possibly use this issue to execute arbitrary commands when c_rehash is run.

tags | advisory, arbitrary, local
systems | linux, ubuntu
advisories | CVE-2022-2068
SHA-256 | 5a9ce5992671e1b5986783112d991cf1a7ac72fd0b20a0774485aa00e5df67c0
OpenSSL Toolkit 1.1.1p
Posted Jun 21, 2022
Site openssl.org

OpenSSL is a robust, fully featured Open Source toolkit implementing the Secure Sockets Layer (SSL v2/v3) and Transport Layer Security (TLS v1) protocols with full-strength cryptography world-wide.

Changes: Fixed additional bugs in the c_rehash script which was not properly sanitizing shell metacharacters to prevent command injection.
tags | tool, encryption, protocol
systems | unix
advisories | CVE-2022-2068
SHA-256 | bf61b62aaa66c7c7639942a94de4c9ae8280c08f17d4eac2e44644d9fc8ace6f
Page 1 of 1
Back1Next

File Archive:

August 2022

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    20 Files
  • 2
    Aug 2nd
    4 Files
  • 3
    Aug 3rd
    6 Files
  • 4
    Aug 4th
    55 Files
  • 5
    Aug 5th
    16 Files
  • 6
    Aug 6th
    0 Files
  • 7
    Aug 7th
    0 Files
  • 8
    Aug 8th
    13 Files
  • 9
    Aug 9th
    0 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Hosting By
Rokasec
close