Vulnerability CVE-2022-1292: Information

Description

The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is distributed by some operating systems in a manner where it is automatically executed. On such operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n). Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

Severity: CRITICAL (9.8) Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

URL: https://nvd.nist.gov/vuln/detail/CVE-2022-1292

Published: May 3, 2022

Modified: Nov. 7, 2023

Error type identifier: CWE-78

Fixed packages

Package name	Branch	Fixed in version	Version from repository	Errata ID	Task #	State
MySQL	sisyphus	8.0.30-alt1	8.0.36-alt1	ALT-PU-2022-2552-1	305695	Fixed
MySQL	sisyphus_e2k	8.0.30-alt1.1	8.0.36-alt1	ALT-PU-2022-5946-1	-	Fixed
MySQL	sisyphus_riscv64	8.0.30-alt0.1.rv64	8.0.30-alt0.2.rv64	ALT-PU-2022-5950-1	-	Fixed
MySQL	p10	8.0.30-alt1.1	8.0.36-alt1	ALT-PU-2022-3102-1	310035	Fixed
MySQL	p10_e2k	8.0.30-alt1.1	8.0.36-alt1	ALT-PU-2022-7097-1	-	Fixed
MySQL	c10f1	8.0.30-alt1.1	8.0.36-alt1	ALT-PU-2022-3102-1	310035	Fixed
MySQL	c9f2	8.0.30-alt1.0.c9.1	8.0.36-alt0.c9.1	ALT-PU-2023-1912-1	321845	Fixed
openssl1.1	sisyphus	1.1.1p-alt1	1.1.1w-alt1	ALT-PU-2022-2132-1	302495	Fixed
openssl1.1	sisyphus_e2k	1.1.1q-alt1	1.1.1w-alt1	ALT-PU-2022-5491-1	-	Fixed
openssl1.1	sisyphus_riscv64	1.1.1p-alt1	1.1.1w-alt1	ALT-PU-2022-5284-1	-	Fixed
openssl1.1	p10	1.1.1p-alt1	1.1.1w-alt0.p10.1	ALT-PU-2022-2139-1	302511	Fixed
openssl1.1	p10_e2k	1.1.1p-alt1	1.1.1w-alt0.p10.1	ALT-PU-2022-5309-1	-	Fixed
openssl1.1	p9	1.1.1t-alt1	1.1.1u-alt1	ALT-PU-2023-1299-1	314826	Fixed
openssl1.1	p9_e2k	1.1.1t-alt1	1.1.1u-alt1	ALT-PU-2023-2672-1	-	Fixed
openssl1.1	c10f1	1.1.1p-alt1	1.1.1w-alt0.p10.1	ALT-PU-2022-2139-1	302511	Fixed
openssl1.1	c9f2	1.1.1q-alt1	1.1.1w-alt0.p9.1	ALT-PU-2022-3072-1	303505	Fixed

References to Advisories, Solutions, and Tools

Hyperlink	Resource
https://www.openssl.org/news/secadv/20220503.txt	Vendor Advisory
[debian-lts-announce] 20220515 [SECURITY] [DLA 3008-1] openssl security update	Mailing List Third Party Advisory
DSA-5139	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220602-0009/	Third Party Advisory
https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2022-0011	Third Party Advisory
N/A	Third Party Advisory
https://security.netapp.com/advisory/ntap-20220729-0004/	Third Party Advisory
GLSA-202210-02	Third Party Advisory
https://cert-portal.siemens.com/productcert/pdf/ssa-953464.pdf
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=1ad73b4d27bd8c1b369a3cd453681d3a4f1bb9b2
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=e5fd1728ef4c7a5bf7c7a7163ca60370460a6e23
https://git.openssl.org/gitweb/?p=openssl.git%3Ba=commitdiff%3Bh=548d3f280a6e737673f5b61fce24bb100108dfeb
FEDORA-2022-b651cb69e6
FEDORA-2022-c9c02865f6

Affected configurations:
1. Configuration 1
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  3.0.0
  End excliding
  3.0.3
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  1.0.2
  End excliding
  1.0.2ze
  cpe:2.3:a:openssl:openssl:*:*:*:*:*:*:*:*
  Start including
  1.1.1
  End excliding
  1.1.1o
  
  Configuration 2
  cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  cpe:2.3:o:debian:debian_linux:11.0:*:*:*:*:*:*:*
  
  Configuration 3
  cpe:2.3:a:netapp:santricity_smi-s_provider:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:snapcenter:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_workflow_automation:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:oncommand_insight:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:clustered_data_ontap:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:smi-s_provider:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:clustered_data_ontap_antivirus_connector:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:solidfire_\&_hci_management_node:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vmware_vsphere:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:windows:*:*
  cpe:2.3:a:netapp:solidfire\,_enterprise_sds_\&_hci_storage_node:-:*:*:*:*:*:*:*
  cpe:2.3:a:netapp:active_iq_unified_manager:-:*:*:*:*:vsphere:*:*
  cpe:2.3:a:netapp:snapmanager:-:*:*:*:*:hyper-v:*:*
  
  Configuration 4
  cpe:2.3:o:netapp:a700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:a700s:-:*:*:*:*:*:*:*
  
  Configuration 5
  cpe:2.3:o:netapp:h300s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300s:-:*:*:*:*:*:*:*
  
  Configuration 6
  cpe:2.3:o:netapp:h500s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500s:-:*:*:*:*:*:*:*
  
  Configuration 7
  cpe:2.3:o:netapp:h700s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700s:-:*:*:*:*:*:*:*
  
  Configuration 8
  cpe:2.3:o:netapp:h300e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h300e:-:*:*:*:*:*:*:*
  
  Configuration 9
  cpe:2.3:o:netapp:h500e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h500e:-:*:*:*:*:*:*:*
  
  Configuration 10
  cpe:2.3:o:netapp:h700e_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h700e:-:*:*:*:*:*:*:*
  
  Configuration 11
  cpe:2.3:o:netapp:h410s_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:h410s:-:*:*:*:*:*:*:*
  
  Configuration 12
  cpe:2.3:o:netapp:aff_8300_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:aff_8300:-:*:*:*:*:*:*:*
  
  Configuration 13
  cpe:2.3:o:netapp:fas_8300_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:fas_8300:-:*:*:*:*:*:*:*
  
  Configuration 14
  cpe:2.3:o:netapp:aff_8700_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:aff_8700:-:*:*:*:*:*:*:*
  
  Configuration 15
  cpe:2.3:o:netapp:fas_8700_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:fas_8700:-:*:*:*:*:*:*:*
  
  Configuration 16
  cpe:2.3:o:netapp:aff_a400_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:aff_a400:-:*:*:*:*:*:*:*
  
  Configuration 17
  cpe:2.3:o:netapp:fabric-attached_storage_a400_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:fabric-attached_storage_a400:-:*:*:*:*:*:*:*
  
  Configuration 18
  cpe:2.3:o:netapp:a250_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:a250:-:*:*:*:*:*:*:*
  
  Configuration 19
  cpe:2.3:o:netapp:aff_500f_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:aff_500f:-:*:*:*:*:*:*:*
  
  Configuration 20
  cpe:2.3:o:netapp:fas_500f_firmware:-:*:*:*:*:*:*:*
  Running on/with:
  cpe:2.3:h:netapp:fas_500f:-:*:*:*:*:*:*:*
  
  Configuration 21
  cpe:2.3:a:oracle:enterprise_manager_ops_center:12.4.0.0:*:*:*:*:*:*:*
  cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  Start including
  8.0.0
  End including
  8.0.29
  cpe:2.3:a:oracle:mysql_workbench:*:*:*:*:*:*:*:*
  End including
  8.0.29
  cpe:2.3:a:oracle:mysql_server:*:*:*:*:*:*:*:*
  Start including
  5.0.0
  End including
  5.7.38
  
  Configuration 22
  cpe:2.3:o:fedoraproject:fedora:35:*:*:*:*:*:*:*
  cpe:2.3:o:fedoraproject:fedora:36:*:*:*:*:*:*:*

Version: v24.5.0

Vulnerability CVE-2022-1292: Information

Description

Fixed packages

References to Advisories, Solutions, and Tools

Configuration 1

Configuration 2

Configuration 3

Configuration 4

Configuration 5

Configuration 6

Configuration 7

Configuration 8

Configuration 9

Configuration 10

Configuration 11

Configuration 12

Configuration 13

Configuration 14

Configuration 15

Configuration 16

Configuration 17

Configuration 18

Configuration 19

Configuration 20

Configuration 21

Configuration 22