SB2022072806 - OS Command Injection in IBM i
Published: July 28, 2022
Security Bulletin ID
SB2022072806
Severity
Medium
Patch available
YES
Number of vulnerabilities
1
Exploitation vector
Remote access
Highest impact
Code execution
Breakdown by Severity
- Low
- Medium
- High
- Critical
Description
This security bulletin contains information about 1 security vulnerability.
1) OS Command Injection (CVE-ID: CVE-2022-2068)
The vulnerability allows a remote attacker to execute arbitrary shell commands on the target system.
The vulnerability exists due to improper input validation in the c_rehash script distributed by some operating systems. A remote attacker with ability to pass data to c_rehash script can and execute arbitrary OS commands with the privileges of the script.
The vulnerability exists due to incomplete fix for #VU62765 (CVE-2022-1292).
Remediation
Install update from vendor's website.
References
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-vulnerable-to-arbitrary-command-execution-cve-2022-2068/"
- https://www.ibm.com/blogs/psirt/security-bulletin-openssl-for-ibm-i-is-vulnerable-to-arbitrary-command-execution-cve-2022-2068/</a><br><a
- https://www.ibm.com/support/pages/node/6607559"
- https://www.ibm.com/support/pages/node/6607559</a><br><br><br></p>