Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

TencentOS Server 2: openssl (TSSA-2025:0549)

🗓️ 11 Aug 2025 00:00:00Reported by TenableType 
nessus
 nessus🔗 www.tenable.com👁 3 Views

TencentOS Server 2 OpenSSL CVEs 2022-1292 2022-2068 2023-0215 patch c_rehash risk use rehash tool

Related
Refs
Code
ReporterTitlePublishedViews
Family
IBM Security Bulletins		Security Bulletin:IBM MQ Operator and Queue manager container images are vulnerable to multiple vulnerabilities from openssl, pcre2 and Golang Go
31 Aug 202216:17
ibm
IBM Security Bulletins		Security Bulletin: IBM Events Operator is affected by a denial of service in OpenSSL (CVE-2023-0215).
21 Sep 202314:17
ibm
IBM Security Bulletins		Security Bulletin: IBM MQ for HP NonStop Server is affected by multiple OpenSSL vulnerabilities
7 Mar 202316:55
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Explorer affected by vulnerability in OpenSSL
30 Jun 202313:51
ibm
IBM Security Bulletins		Security Bulletin: Multiple Security Vulnerabilities were identified in IBM Security Verify Access.
17 Jan 202415:16
ibm
IBM Security Bulletins		Security Bulletin: Vulnerability in OpenSSL affects IBM Rational ClearCase (CVE-2022-1292, CVE-2022-0778)
25 Jul 202214:51
ibm
IBM Security Bulletins		Security Bulletin: IBM Watson Assistant for IBM Cloud Pak for Data is vulnerable to multiple OpenSSl denial of service vulnerabilities.
5 Jul 202320:58
ibm
IBM Security Bulletins		Security Bulletin: Multiple vulnerabilities in IBM SDK for Node.js and packaged modules affect IBM Business Automation Workflow Configuration Editor
1 Mar 202309:00
ibm
IBM Security Bulletins		Security Bulletin: IBM Security Verify Access Appliance has multiple security vulnerabilities
14 Oct 202305:03
ibm
IBM Security Bulletins		Security Bulletin: IBM Rational Build Forge 8.0.0.25 addresses multiple vulnerabilities
24 Nov 202313:49
ibm
Rows per page
#%NASL_MIN_LEVEL 80900
##
# (C) Tenable, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Tencent Linux Security Advisory TSSA-2025:0549.
##

include('compat.inc');

if (description)
{
  script_id(247822);
  script_version("1.2");
  script_set_attribute(attribute:"plugin_modification_date", value:"2025/12/04");

  script_cve_id(
    "CVE-2022-1292",
    "CVE-2022-2068",
    "CVE-2023-0215",
    "CVE-2023-0464"
  );

  script_name(english:"TencentOS Server 2: openssl (TSSA-2025:0549)");

  script_set_attribute(attribute:"synopsis", value:
"The remote TencentOS Server 2 host is missing one or more security updates.");
  script_set_attribute(attribute:"description", value:
"The version of Tencent Linux installed on the remote TencentOS Server 2 host is prior to tested version. It is,
therefore, affected by multiple vulnerabilities as referenced in the TSSA-2025:0549 advisory.

    Package updates are available for TencentOS Server 2 that fix the following vulnerabilities:

    CVE-2022-1292:
    The c_rehash script does not properly sanitise shell metacharacters to prevent command injection. This
    script is distributed by some operating systems in a manner where it is automatically executed. On such
    operating systems, an attacker could execute arbitrary commands with the privileges of the script. Use of
    the c_rehash script is considered obsolete and should be replaced by the OpenSSL rehash command line tool.
    Fixed in OpenSSL 3.0.3 (Affected 3.0.0,3.0.1,3.0.2). Fixed in OpenSSL 1.1.1o (Affected 1.1.1-1.1.1n).
    Fixed in OpenSSL 1.0.2ze (Affected 1.0.2-1.0.2zd).

    CVE-2022-2068:
    In addition to the c_rehash shell command injection identified in CVE-2022-1292, further circumstances
    where the c_rehash script does not properly sanitise shell metacharacters to prevent command injection
    were found by code review. When the CVE-2022-1292 was fixed it was not discovered that there are other
    places in the script where the file names of certificates being hashed were possibly passed to a command
    executed through the shell. This script is distributed by some operating systems in a manner where it is
    automatically executed. On such operating systems, an attacker could execute arbitrary commands with the
    privileges of the script. Use of the c_rehash script is considered obsolete and should be replaced by the
    OpenSSL rehash command line tool. Fixed in OpenSSL 3.0.4 (Affected 3.0.0,3.0.1,3.0.2,3.0.3). Fixed in
    OpenSSL 1.1.1p (Affected 1.1.1-1.1.1o). Fixed in OpenSSL 1.0.2zf (Affected 1.0.2-1.0.2ze).

    CVE-2023-0215:
    The public API function BIO_new_NDEF is a helper function used for streaming
    ASN.1 data via a BIO. It is primarily used internally to OpenSSL to support the
    SMIME, CMS and PKCS7 streaming capabilities, but may also be called directly by
    end user applications.

    The function receives a BIO from the caller, prepends a new BIO_f_asn1 filter
    BIO onto the front of it to form a BIO chain, and then returns the new head of
    the BIO chain to the caller. Under certain conditions, for example if a CMS
    recipient public key is invalid, the new filter BIO is freed and the function
    returns a NULL result indicating a failure. However, in this case, the BIO chain
    is not properly cleaned up and the BIO passed by the caller still retains
    internal pointers to the previously freed filter BIO. If the caller then goes on
    to call BIO_pop() on the BIO then a use-after-free will occur. This will most
    likely result in a crash.



    This scenario occurs directly in the internal function B64_write_ASN1() which
    may cause BIO_new_NDEF() to be called and will subsequently call BIO_pop() on
    the BIO. This internal function is in turn called by the public API functions
    PEM_write_bio_ASN1_stream, PEM_write_bio_CMS_stream, PEM_write_bio_PKCS7_stream,
    SMIME_write_ASN1, SMIME_write_CMS and SMIME_write_PKCS7.

    Other public API functions that may be impacted by this include
    i2d_ASN1_bio_stream, BIO_new_CMS, BIO_new_PKCS7, i2d_CMS_bio_stream and
    i2d_PKCS7_bio_stream.

    The OpenSSL cms and smime command line applications are similarly affected.

    CVE-2023-0464:
    A security vulnerability has been identified in all supported versions

    of OpenSSL related to the verification of X.509 certificate chains
    that include policy constraints.  Attackers may be able to exploit this
    vulnerability by creating a malicious certificate chain that triggers
    exponential use of computational resources, leading to a denial-of-service
    (DoS) attack on affected systems.

    Policy processing is disabled by default but can be enabled by passing
    the `-policy/' argument to the command line utilities or by calling the
    `X509_VERIFY_PARAM_set1_policies()/' function.

Tenable has extracted the preceding description block directly from the Tencent Linux security advisory.

Note that Nessus has not tested for these issues but has instead relied only on the application's self-reported version
number.");
  script_set_attribute(attribute:"see_also", value:"https://mirrors.tencent.com/tlinux/errata/tssa-20250549.xml");
  script_set_attribute(attribute:"solution", value:
"Update the affected packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:C/I:C/A:C");
  script_set_cvss_temporal_vector("CVSS2#E:POC/RL:OF/RC:C");
  script_set_cvss3_base_vector("CVSS:3.0/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:H/A:H");
  script_set_cvss3_temporal_vector("CVSS:3.0/E:P/RL:O/RC:C");
  script_set_attribute(attribute:"cvss_score_source", value:"CVE-2022-2068");

  script_set_attribute(attribute:"exploitability_ease", value:"Exploits are available");
  script_set_attribute(attribute:"exploit_available", value:"true");

  script_set_attribute(attribute:"vuln_publication_date", value:"2025/08/05");
  script_set_attribute(attribute:"patch_publication_date", value:"2025/08/05");
  script_set_attribute(attribute:"plugin_publication_date", value:"2025/08/11");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:tencent:tencentos_server:2");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:tencent:tencentos_server:openssl");
  script_set_attribute(attribute:"generated_plugin", value:"current");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_family(english:"Tencent Local Security Checks");

  script_copyright(english:"This script is Copyright (C) 2025 and is owned by Tenable, Inc. or an Affiliate thereof.");

  script_dependencies("ssh_get_info2.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/etc/os-release", "Host/TencentOS/rpm-list", "Host/cpu");

  exit(0);
}


include('rpm2.inc');

if (!get_kb_item('Host/local_checks_enabled')) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
var os_product = get_kb_item('installed_os/local/SSH/0/product');
if (isnull(os_product) || 'TencentOS' >!< os_product) audit(AUDIT_OS_NOT, 'TencentOS');
var os_version = get_kb_item('installed_os/local/SSH/0/version');
if (isnull(os_version)) audit(AUDIT_UNKNOWN_APP_VER, 'TencentOS');
if (! preg(pattern:"^2([^0-9]|$)", string:os_version)) audit(AUDIT_OS_NOT, 'TencentOS 2.x', 'TencentOS ' + os_version);

if (!get_kb_item('Host/TencentOS/rpm-list')) audit(AUDIT_PACKAGE_LIST_MISSING);

var cpu = get_kb_item('Host/cpu');
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ('x86_64' >!< cpu && cpu !~ "^i[3-6]86$" && 's390' >!< cpu && 'aarch64' >!< cpu) audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, 'TencentOS', cpu);

var constraints = [
  {
    'release': '2',
    'pkgs': [
      {'reference':'openssl-1.0.2k-26.tl2.2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-1.0.2k-26.tl2.2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-debuginfo-1.0.2k-26.tl2.2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-debuginfo-1.0.2k-26.tl2.2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-devel-1.0.2k-26.tl2.2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-devel-1.0.2k-26.tl2.2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-libs-1.0.2k-26.tl2.2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-libs-1.0.2k-26.tl2.2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-perl-1.0.2k-26.tl2.2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-perl-1.0.2k-26.tl2.2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-static-1.0.2k-26.tl2.2', 'cpu':'aarch64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'},
      {'reference':'openssl-static-1.0.2k-26.tl2.2', 'cpu':'x86_64', 'rpm_spec_vers_cmp':TRUE, 'epoch':'1'}
    ]
  }
];

var os_release = get_one_kb_item('installed_os/local/SSH/0/release');
var os_sp = get_one_kb_item('Host/*/minor_release');

var flag = 0;
var reference;
var sp;
var _cpu;
var el_string;
var rpm_spec_vers_cmp;
var epoch;
var allowmaj;
var exists_check;
var cves;
foreach var constraint ( constraints ) {
  # Check that the target release is equal to the affected release
  if (!empty_or_null(constraint['release'])){
    if (constraint['release'] != os_release) continue;
  }
  if (!empty_or_null(constraint['sp'])){
    if (constraint['sp'] != os_sp) continue;
  }
  foreach var pkg ( constraint['pkgs'] ) {
    reference = NULL;
    sp = NULL;
    _cpu = NULL;
    el_string = NULL;
    rpm_spec_vers_cmp = NULL;
    epoch = NULL;
    allowmaj = NULL;
    exists_check = NULL;
    cves = NULL;
    if (!empty_or_null(pkg['reference'])) reference = pkg['reference'];
    if (!empty_or_null(pkg['sp'])) sp = pkg['sp'];
    if (!empty_or_null(pkg['cpu'])) _cpu = pkg['cpu'];
    if (!empty_or_null(pkg['el_string'])) el_string = pkg['el_string'];
    if (!empty_or_null(pkg['rpm_spec_vers_cmp'])) rpm_spec_vers_cmp = pkg['rpm_spec_vers_cmp'];
    if (!empty_or_null(pkg['epoch'])) epoch = pkg['epoch'];
    if (!empty_or_null(pkg['allowmaj'])) allowmaj = pkg['allowmaj'];
    if (!empty_or_null(pkg['exists_check'])) exists_check = pkg['exists_check'];
    if (!empty_or_null(pkg['cves'])) cves = pkg['cves'];
    if (reference &&
        ## (no known rpm to check OR known rpm_exists)
        (!exists_check || rpm_exists(rpm:exists_check)) &&
        rpm_check(sp:sp, cpu:_cpu, reference:reference, epoch:epoch, el_string:el_string, rpm_spec_vers_cmp:rpm_spec_vers_cmp, allowmaj:allowmaj, cves:cves)) flag++;
  }
}

if (flag)
{
  security_report_v4(
      port       : 0,
      severity   : SECURITY_HOLE,
      extra      : rpm_report_get()
  );
  exit(0);
}
else
{
  var tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, 'openssl / openssl-debuginfo / openssl-devel / etc');
}

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
04 Dec 2025 00:00Current
7.6High risk
Vulners AI Score7.6
CVSS 3.17.5 - 9.8
CVSS 210
EPSS0.38894
SSVC
tencentos server 2; openssl vulnerabilities; openssl 2022-1292; openssl 2022-2068; openssl 2023-0215; c_rehash risk; rehash tool; security advisory; patches available
3