SUBJECT: Action Required: OpenSSL 1.1.1 Vulnerability Mitigation
TECH STACK: OpenSSL
DATE(S) ISSUED: 06/21/2022
NVD LAST MODIFIED: 10/19/2023
CRITICALITY: CRITICAL
OVERVIEW: This advisory outlines the actions required to address a critical vulnerability in the c_rehash script shipped with OpenSSL versions prior to 1.1.1p, tracked as CVE-2022-2068. The script does not properly sanitize shell metacharacters in the names of the certificate files it processes, so a file with a crafted name can lead to command injection. This document details the vulnerability and provides steps for mitigation to safeguard your systems against potential exploits.
VULNERABILITY DETAILS:
The c_rehash script creates the hash-named symbolic links that OpenSSL uses to look up certificates and CRLs in a directory. It fails to properly sanitize shell metacharacters in the file names it processes: those names are interpolated into command strings that are executed through the shell, so a file whose name contains a character such as ";" or a "$(...)" sequence causes the embedded text to run as a command. An attacker who can place a file with a crafted name in a directory the script processes can therefore execute arbitrary commands with the script's privileges; some operating systems distribute c_rehash in a manner where it is run automatically, which makes this a practical attack vector. The issue affects OpenSSL 1.1.1 through 1.1.1o, 3.0.0 through 3.0.3, and 1.0.2 through 1.0.2ze. c_rehash is deemed obsolete, and the recommendation is to use the openssl rehash command line tool instead.
SOLUTION/MITIGATION:
Upgrade OpenSSL: Update to a release that contains the fix: 1.1.1p for the 1.1.1 series, 3.0.4 for the 3.0 series, or 1.0.2zf for premium support customers on 1.0.2.
Discontinue c_rehash Usage: Transition to the openssl rehash tool for certificate hashing tasks to avoid the vulnerabilities associated with c_rehash. Where an affected version cannot be upgraded immediately, stop running c_rehash (including any automated invocation) and restrict write access to the certificate directories it would process, since the attack requires placing a file with a crafted name there.
ADDITIONAL INFORMATION:
The openssl rehash subcommand performs the same task as c_rehash from within the openssl binary and does not pass file names through a shell. CVE-2022-2068 was found during code review of the fix for CVE-2022-1292 (addressed in 1.1.1o and 3.0.3), which did not cover every place in c_rehash where file names reach the shell; versions that fixed only CVE-2022-1292 therefore remain affected.
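The following is an added example, not code from OpenSSL or from this advisory: a simplified POSIX shell re-creation of the c_rehash injection pattern beside the safe way to invoke the same command, plus the recommended openssl rehash replacement. It uses wc -c as a stand-in for the openssl x509 -fingerprint invocation that c_rehash runs per file, sh -c as a stand-in for Perl's backtick operator (which hands one interpolated string to /bin/sh), and a constructed file name, cert.pem;touch pwned.marker;.pem, that ends in .pem so a c_rehash-style directory scan would include it. The function and variable names are this example's own.

```shell
#!/bin/sh
# Added example (not OpenSSL's code): a simplified re-creation of the
# c_rehash injection pattern beside its safe counterpart.
#   - "wc -c" stands in for the "openssl x509 -fingerprint ..." invocation
#     that c_rehash runs for each certificate file.
#   - "sh -c" stands in for Perl backticks, which hand a single interpolated
#     string to /bin/sh.
#   - EVIL_NAME is a constructed file name; it ends in ".pem" so a c_rehash-
#     style directory scan would pick it up, and it carries a shell command.

EVIL_NAME='cert.pem;touch pwned.marker;.pem'

# Create a scratch certificate directory holding one benign and one
# maliciously named file (both empty stand-ins, not real certificates).
setup_certdir() {
    dir=$(mktemp -d)
    : > "$dir/good.pem"
    : > "$dir/$EVIL_NAME"
    echo "$dir"
}

# Report "injected" if the marker that the embedded command creates exists.
report() {
    if [ -e "$1/pwned.marker" ]; then echo injected; else echo clean; fi
}

# VULNERABLE pattern (the CVE-2022-2068 shape): the file name is spliced into
# a command string, and the shell then parses the ';' inside the name as a
# command separator, running "touch pwned.marker" in the directory.
hash_unsafe() {
    dir=$1
    for path in "$dir"/*.pem; do
        name=${path##*/}
        ( cd "$dir" && sh -c "wc -c < $name" ) >/dev/null 2>&1 || true
    done
    report "$dir"
}

# SAFE pattern: the file name is passed as one argument; no shell parses it,
# so the ';' is just a character in a file name.
hash_safe() {
    dir=$1
    for path in "$dir"/*.pem; do
        name=${path##*/}
        ( cd "$dir" && wc -c < "$name" ) >/dev/null 2>&1 || true
    done
    report "$dir"
}

# The recommended replacement: "openssl rehash" walks the directory itself and
# never hands a file name to a shell. Runs only when an openssl binary exists;
# the empty stand-in files are rejected as certificates, not executed.
rehash_with_openssl() {
    dir=$1
    if command -v openssl >/dev/null 2>&1; then
        openssl rehash "$dir" >/dev/null 2>&1 || true
    fi
    report "$dir"
}

# Stand-alone demonstration.
d=$(setup_certdir); echo "unsafe pattern:  $(hash_unsafe "$d")"; rm -rf "$d"
d=$(setup_certdir); echo "safe pattern:    $(hash_safe "$d")";   rm -rf "$d"
d=$(setup_certdir); echo "openssl rehash:  $(rehash_with_openssl "$d")"; rm -rf "$d"
```

Saved as, for example, demo.sh (a hypothetical file name) and run with sh demo.sh, the unsafe function reports injected because the command embedded in the file name created pwned.marker, while the safe function and openssl rehash report clean. The distinction between building one command string for a shell and passing an argument vector is why openssl rehash, which builds no shell command at all, is the recommended replacement.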
VERIFICATION:
Confirm that the installed OpenSSL is a fixed release (run openssl version and check for 1.1.1p, 3.0.4, or 1.0.2zf or later) and that any remaining invocations of c_rehash in scripts or automation have been removed in favor of the recommended tool.
REFERENCES:
OpenSSL Security Advisory, 21 June 2022: https://www.openssl.org/news/secadv/20220621.txt
NVD entry for CVE-2022-2068: https://nvd.nist.gov/vuln/detail/CVE-2022-2068
ACTION ITEMS:
Upgrade affected OpenSSL installations to 1.1.1p, 3.0.4, or 1.0.2zf as applicable.
Replace every use of the c_rehash script with the openssl rehash tool.
Your prompt attention to this matter is essential to maintain the security and integrity of your systems.