First published: Tue May 03 2022(Updated: )
A flaw was found in OpenSSL. The `c_rehash` script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileges of the script on these operating systems.
Credit: openssl-security@openssl.org openssl-security@openssl.org
Affected Software | Affected Version | How to fix |
---|---|---|
redhat/jbcs-httpd24-openssl | <1:1.1.1k-13.el8 | 1:1.1.1k-13.el8 |
redhat/jbcs-httpd24-openssl | <1:1.1.1k-13.el7 | 1:1.1.1k-13.el7 |
redhat/openssl | <1:1.1.1k-7.el8_6 | 1:1.1.1k-7.el8_6 |
redhat/openssl | <1:3.0.1-41.el9_0 | 1:3.0.1-41.el9_0 |
redhat/jws5-tomcat-native | <0:1.2.31-11.redhat_11.el7 | 0:1.2.31-11.redhat_11.el7 |
redhat/jws5-tomcat-native | <0:1.2.31-11.redhat_11.el8 | 0:1.2.31-11.redhat_11.el8 |
redhat/jws5-tomcat-native | <0:1.2.31-11.redhat_11.el9 | 0:1.2.31-11.redhat_11.el9 |
OpenSSL OpenSSL | >=1.0.2<1.0.2ze | |
OpenSSL OpenSSL | >=1.1.1<1.1.1o | |
OpenSSL OpenSSL | >=3.0.0<3.0.3 | |
Debian Debian Linux | =9.0 | |
Debian Debian Linux | =10.0 | |
Debian Debian Linux | =11.0 | |
Netapp Active Iq Unified Manager Vmware Vsphere | ||
Netapp Active Iq Unified Manager Vsphere | ||
Netapp Active Iq Unified Manager Windows | ||
NetApp Clustered Data ONTAP | ||
Netapp Clustered Data Ontap Antivirus Connector | ||
NetApp OnCommand Insight | ||
NetApp OnCommand Workflow Automation | ||
Netapp Santricity Smi-s Provider | ||
Netapp Smi-s Provider | ||
Netapp Snapcenter | ||
Netapp Snapmanager Hyper-v | ||
Netapp Solidfire\, Enterprise Sds \& Hci Storage Node | ||
Netapp Solidfire \& Hci Management Node | ||
Netapp A700s Firmware | ||
Netapp A700s | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
Netapp Aff 8300 Firmware | ||
Netapp Aff 8300 | ||
Netapp Fas 8300 Firmware | ||
Netapp Fas 8300 | ||
Netapp Aff 8700 Firmware | ||
Netapp Aff 8700 | ||
Netapp Fas 8700 Firmware | ||
Netapp Fas 8700 | ||
Netapp Aff A400 Firmware | ||
Netapp Aff A400 | ||
Netapp Fabric-attached Storage A400 Firmware | ||
Netapp Fabric-attached Storage A400 | ||
Netapp A250 Firmware | ||
Netapp A250 | ||
Netapp Aff 500f Firmware | ||
Netapp Aff 500f | ||
Netapp Fas 500f Firmware | ||
Netapp Fas 500f | ||
Oracle Enterprise Manager Ops Center | =12.4.0.0 | |
Oracle Mysql Server | >=5.0.0<=5.7.38 | |
Oracle Mysql Server | >=8.0.0<=8.0.29 | |
Oracle Mysql Workbench | <=8.0.29 | |
Fedoraproject Fedora | =35 | |
Fedoraproject Fedora | =36 | |
redhat/openssl | <1.0.2 | 1.0.2 |
redhat/openssl | <1.1.1 | 1.1.1 |
redhat/openssl | <3.0.3 | 3.0.3 |
debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.3.2-2 | |
All of | ||
Netapp A700s Firmware | ||
Netapp A700s | ||
All of | ||
Netapp H300s Firmware | ||
Netapp H300s | ||
All of | ||
Netapp H500s Firmware | ||
Netapp H500s | ||
All of | ||
Netapp H700s Firmware | ||
Netapp H700s | ||
All of | ||
Netapp H300e Firmware | ||
Netapp H300e | ||
All of | ||
Netapp H500e Firmware | ||
Netapp H500e | ||
All of | ||
Netapp H700e Firmware | ||
Netapp H700e | ||
All of | ||
Netapp H410s Firmware | ||
Netapp H410s | ||
All of | ||
Netapp Aff 8300 Firmware | ||
Netapp Aff 8300 | ||
All of | ||
Netapp Fas 8300 Firmware | ||
Netapp Fas 8300 | ||
All of | ||
Netapp Aff 8700 Firmware | ||
Netapp Aff 8700 | ||
All of | ||
Netapp Fas 8700 Firmware | ||
Netapp Fas 8700 | ||
All of | ||
Netapp Aff A400 Firmware | ||
Netapp Aff A400 | ||
All of | ||
Netapp Fabric-attached Storage A400 Firmware | ||
Netapp Fabric-attached Storage A400 | ||
All of | ||
Netapp A250 Firmware | ||
Netapp A250 | ||
All of | ||
Netapp Aff 500f Firmware | ||
Netapp Aff 500f | ||
All of | ||
Netapp Fas 500f Firmware | ||
Netapp Fas 500f |
As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
(Appears in the following advisories)