CVE-2022-2068: The c_rehash script allows command injection
First published: Wed Jun 15 2022(Updated: )
A flaw was found in OpenSSL. The issue in CVE-2022-1292 did not find other places in the `c_rehash` script where it possibly passed the file names of certificates being hashed to a command executed through the shell. Some operating systems distribute this script in a manner where it is automatically executed. On these operating systems, this flaw allows an attacker to execute arbitrary commands with the privileges of the script.
Credit: openssl-security@openssl.org openssl-security@openssl.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| redhat/jbcs-httpd24-openssl | <1:1.1.1k-13.el8 | 1:1.1.1k-13.el8 |
| redhat/jbcs-httpd24-openssl | <1:1.1.1k-13.el7 | 1:1.1.1k-13.el7 |
| redhat/openssl | <1:1.1.1k-7.el8_6 | 1:1.1.1k-7.el8_6 |
| redhat/openssl | <1:3.0.1-41.el9_0 | 1:3.0.1-41.el9_0 |
| redhat/jws5-tomcat-native | <0:1.2.31-11.redhat_11.el7 | 0:1.2.31-11.redhat_11.el7 |
| redhat/jws5-tomcat-native | <0:1.2.31-11.redhat_11.el8 | 0:1.2.31-11.redhat_11.el8 |
| redhat/jws5-tomcat-native | <0:1.2.31-11.redhat_11.el9 | 0:1.2.31-11.redhat_11.el9 |
| redhat/openssl | <1.0.2 | 1.0.2 |
| redhat/openssl | <1.1.1 | 1.1.1 |
| redhat/openssl | <3.0.4 | 3.0.4 |
| OpenSSL OpenSSL | >=1.0.2<1.0.2zf | |
| OpenSSL OpenSSL | >=1.1.1<1.1.1p | |
| OpenSSL OpenSSL | >=3.0.0<3.0.4 | |
| Debian Debian Linux | =10.0 | |
| Debian Debian Linux | =11.0 | |
| Fedoraproject Fedora | =35 | |
| Fedoraproject Fedora | =36 | |
| Siemens Sinec Ins | <1.0 | |
| Siemens Sinec Ins | =1.0 | |
| Siemens Sinec Ins | =1.0-sp1 | |
| Siemens Sinec Ins | =1.0-sp2 | |
| Netapp Element Software | ||
| Netapp Hci Management Node | ||
| Netapp Ontap Antivirus Connector | ||
| NetApp ONTAP Select Deploy administration utility | ||
| Netapp Santricity Smi-s Provider | ||
| Netapp Smi-s Provider | ||
| Netapp Snapmanager Hyper-v | ||
| Netapp Solidfire | ||
| Netapp Bootstrap Os | ||
| Netapp Hci Compute Node | ||
| Netapp H615c Firmware | ||
| Netapp H615c | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| Netapp Fas 8300 Firmware | ||
| Netapp Fas 8300 | ||
| Netapp Fas 8700 Firmware | ||
| Netapp Fas 8700 | ||
| Netapp Fas A400 Firmware | ||
| Netapp Fas A400 | ||
| Netapp Aff 8300 Firmware | ||
| Netapp Aff 8300 | ||
| Netapp Aff 8700 Firmware | ||
| Netapp Aff 8700 | ||
| Netapp Aff A400 Firmware | ||
| Netapp Aff A400 | ||
| Broadcom Sannav | ||
| All of | ||
| Netapp Bootstrap Os | ||
| Netapp Hci Compute Node | ||
| All of | ||
| Netapp H615c Firmware | ||
| Netapp H615c | ||
| All of | ||
| Netapp H610s Firmware | ||
| Netapp H610s | ||
| All of | ||
| Netapp H610c Firmware | ||
| Netapp H610c | ||
| All of | ||
| Netapp H410c Firmware | ||
| Netapp H410c | ||
| All of | ||
| Netapp H300s Firmware | ||
| Netapp H300s | ||
| All of | ||
| Netapp H500s Firmware | ||
| Netapp H500s | ||
| All of | ||
| Netapp H700s Firmware | ||
| Netapp H700s | ||
| All of | ||
| Netapp H410s Firmware | ||
| Netapp H410s | ||
| All of | ||
| Netapp Fas 8300 Firmware | ||
| Netapp Fas 8300 | ||
| All of | ||
| Netapp Fas 8700 Firmware | ||
| Netapp Fas 8700 | ||
| All of | ||
| Netapp Fas A400 Firmware | ||
| Netapp Fas A400 | ||
| All of | ||
| Netapp Aff 8300 Firmware | ||
| Netapp Aff 8300 | ||
| All of | ||
| Netapp Aff 8700 Firmware | ||
| Netapp Aff 8700 | ||
| All of | ||
| Netapp Aff A400 Firmware | ||
| Netapp Aff A400 | ||
| debian/openssl | 1.1.1w-0+deb11u1 1.1.1w-0+deb11u2 3.0.15-1~deb12u1 3.0.14-1~deb12u2 3.3.2-2 |
Remedy
As mentioned in the upstream security advisory, use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command-line tool.
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://www.cve.org/CVERecord?id=CVE-2022-2068 https://nvd.nist.gov/vuln/detail/CVE-2022-2068 https://www.openssl.org/news/secadv/20220621.txt
- https://bugzilla.redhat.com/show_bug.cgi?id=2097310
- https://access.redhat.com/errata/RHSA-2022:8840
- https://access.redhat.com/errata/RHSA-2022:5818
- https://access.redhat.com/errata/RHSA-2022:6224
- https://access.redhat.com/errata/RHSA-2022:8841
- https://access.redhat.com/errata/RHSA-2022:8913
- https://access.redhat.com/errata/RHSA-2022:8917
- https://access.redhat.com/security/cve/cve-2022-2068
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://git.openssl.org/gitweb/?p=openssl.git;a=commitdiff;h=9639817dac8bbbaa64d09efad7464ccc405527c7
- https://www.openssl.org/news/secadv/20220621.txt
- https://www.debian.org/security/2022/dsa-5169
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
- https://security.netapp.com/advisory/ntap-20220707-0008/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
- https://cert-portal.siemens.com/productcert/pdf/ssa-332410.pdf
- https://launchpad.net/bugs/cve/CVE-2022-2068
- https://access.redhat.com/security/cve/CVE-2022-1292
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099974
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099971
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099972
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099975
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099969
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099970
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=2099973
- https://github.com/openssl/openssl/commit/2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://github.com/openssl/openssl/commit/9639817dac8bbbaa64d09efad7464ccc405527c7
- https://github.com/openssl/openssl/commit/7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://github.com/openssl/openssl/commit/8a3579a7b7067a983e69a4eda839ac408c120739
- https://access.redhat.com/errata/RHSA-2023:5931
- https://access.redhat.com/errata/RHSA-2023:5979
- https://access.redhat.com/errata/RHSA-2023:5980
- https://access.redhat.com/errata/RHSA-2023:5982
- https://access.redhat.com/errata/RHSA-2023:6818
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=2c9c35870601b4a44d86ddbf512b38df38285cfa
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=7a9c027159fe9e1bbc2cd38a8a2914bff0d5abd9
- https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=9639817dac8bbbaa64d09efad7464ccc405527c7
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/6WZZBKUHQFGSKGNXXKICSRPL7AMVW5M5/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/VCMNWKERPBKOEBNL7CLTTX3ZZCZLH7XA/
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2022-2068
- https://nvd.nist.gov/vuln/detail/CVE-2022-2068
- https://security-tracker.debian.org/tracker/CVE-2022-2068
- https://ubuntu.com/security/CVE-2022-2068
- https://exchange.xforce.ibmcloud.com/vulnerabilities/226018
- https://www.ibm.com/support/pages/node/6952319 (Advisory)
Parent vulnerabilities
(Appears in the following advisories)
Frequently Asked Questions
What is the vulnerability ID?
The vulnerability ID is CVE-2022-2068.
What is the severity of CVE-2022-2068?
The severity of CVE-2022-2068 is critical with a severity value of 9.8.
What is the affected software?
The affected software includes OpenSSL versions 1.0.2 to 1.0.2zf, 1.1.1 to 1.1.1p, and 3.0.0 to 3.0.4, as well as certain packages from Red Hat, Debian, and other sources.
How can a remote attacker exploit CVE-2022-2068?
A remote attacker can exploit CVE-2022-2068 by injecting arbitrary commands into the c_rehash script, leading to command injection and potential execution of arbitrary commands on the system.
Are there any remediation steps available?
Yes, there are remediation steps available. Please refer to the provided references for detailed instructions and patches.
- collector/redhat-cve
- agent/type
- agent/first-publish-date
- collector/launchpad-cve
- source/Launchpad
- agent/author
- agent/severity
- agent/remedy
- agent/weakness
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2022-2068
- agent/software-canonical-lookup
- collector/nvd-index
- agent/software-canonical-lookup-request
- collector/nvd-cve
- source/NVD
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/title
- agent/references
- agent/tags
- collector/usn-cve
- source/Ubuntu
- agent/event
- agent/description
- collector/security-tracker-debian
- source/Debian
- agent/softwarecombine
- collector/ibm-support
- source/IBM
- package-manager/redhat
- vendor/openssl
- canonical/openssl openssl
- version/openssl openssl/1.0.2
- version/openssl openssl/1.1.1
- version/openssl openssl/3.0.0
- vendor/debian
- canonical/debian debian linux
- version/debian debian linux/10.0
- version/debian debian linux/11.0
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/35
- version/fedoraproject fedora/36
- vendor/siemens
- canonical/siemens sinec ins
- version/siemens sinec ins/1.0
- version/siemens sinec ins/1.0-sp1
- version/siemens sinec ins/1.0-sp2
- vendor/netapp
- canonical/netapp element software
- canonical/netapp hci management node
- canonical/netapp ontap antivirus connector
- canonical/netapp ontap select deploy administration utility
- canonical/netapp santricity smi-s provider
- canonical/netapp smi-s provider
- canonical/netapp snapmanager hyper-v
- canonical/netapp solidfire
- canonical/netapp bootstrap os
- canonical/netapp hci compute node
- canonical/netapp h615c firmware
- canonical/netapp h615c
- canonical/netapp h610s firmware
- canonical/netapp h610s
- canonical/netapp h610c firmware
- canonical/netapp h610c
- canonical/netapp h410c firmware
- canonical/netapp h410c
- canonical/netapp h300s firmware
- canonical/netapp h300s
- canonical/netapp h500s firmware
- canonical/netapp h500s
- canonical/netapp h700s firmware
- canonical/netapp h700s
- canonical/netapp h410s firmware
- canonical/netapp h410s
- canonical/netapp fas 8300 firmware
- canonical/netapp fas 8300
- canonical/netapp fas 8700 firmware
- canonical/netapp fas 8700
- canonical/netapp fas a400 firmware
- canonical/netapp fas a400
- canonical/netapp aff 8300 firmware
- canonical/netapp aff 8300
- canonical/netapp aff 8700 firmware
- canonical/netapp aff 8700
- canonical/netapp aff a400 firmware
- canonical/netapp aff a400
- vendor/broadcom
- canonical/broadcom sannav
- package-manager/debian