3 matches found
openssl: c_rehash script allows command injection
A flaw was found in OpenSSL. The crehash script does not properly sanitize shell meta-characters to prevent command injection. Some operating systems distribute this script in a manner where it is automatically executed. This flaw allows an attacker to execute arbitrary commands with the privileg...
OpenSSL 操作系统命令注入漏洞
OpenSSL is an open source capable general-purpose cryptographic library from the Openssl team that implements the Secure Sockets Layer SSLv2/v3 and Secure Transport Layer TLSv1 protocols. It supports a variety of cryptographic algorithms, including symmetric ciphers, hash algorithms, secure hash...
PT-2022-2691
Name of the Vulnerable Software and Affected Versions OpenSSL versions 1.0.2 through 1.0.2zd OpenSSL versions 1.1.1 through 1.1.1n OpenSSL versions 3.0.0 through 3.0.2 Description The c rehash script does not properly sanitise shell metacharacters to prevent command injection. This script is...