CVE-2023-29383

Source
https://nvd.nist.gov/vuln/detail/CVE-2023-29383
Import Source
https://storage.googleapis.com/cve-osv-conversion/osv-output/CVE-2023-29383.json
JSON Data
https://api.osv.dev/v1/vulns/CVE-2023-29383
Related
Published
2023-04-14T22:15:07Z
Modified
2025-04-18T21:56:50.432407Z
Downstream
Severity
  • 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
Summary
[none]
Details

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

References

Affected packages

Debian:11 / shadow

Package

Name
shadow
Purl
pkg:deb/debian/shadow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.8.1-1+deb11u1

Affected versions

1:4.*

1:4.8.1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:12 / shadow

Package

Name
shadow
Purl
pkg:deb/debian/shadow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected

Affected versions

1:4.*

1:4.13+dfsg1-1
1:4.13+dfsg1-2
1:4.13+dfsg1-3
1:4.13+dfsg1-4
1:4.13+dfsg1-5
1:4.15.1-1
1:4.15.2-1
1:4.15.2-2
1:4.15.2-3
1:4.15.3-1
1:4.15.3-2
1:4.15.3-3
1:4.16.0-1
1:4.16.0-2
1:4.16.0-3
1:4.16.0-4
1:4.16.0-5
1:4.16.0-6
1:4.16.0-7
1:4.17.0~rc1-1
1:4.17.0~rc1-2
1:4.17.0-1
1:4.17.1-1
1:4.17.1-2
1:4.17.2-1
1:4.17.2-2
1:4.17.2-3
1:4.17.2-4
1:4.17.2-5
1:4.17.2-5+hurd.1
1:4.17.2-6
1:4.17.3-1
1:4.17.3-2
1:4.17.3-3
1:4.17.4-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Debian:13 / shadow

Package

Name
shadow
Purl
pkg:deb/debian/shadow?arch=source

Affected ranges

Type
ECOSYSTEM
Events
Introduced
0Unknown introduced version / All previous versions are affected
Fixed
1:4.13+dfsg1-2

Affected versions

1:4.*

1:4.13+dfsg1-1

Ecosystem specific

{
    "urgency": "not yet assigned"
}

Git / github.com/shadow-maint/shadow

Affected ranges

Type
GIT
Repo
https://github.com/shadow-maint/shadow
Events
Introduced
0 Unknown introduced commit / All previous commits are affected
Fixed
Fixed

Affected versions

4.*

4.10
4.12
4.12.1
4.12.2
4.13
4.2.1
4.3.0
4.3.1
4.4
4.5
4.6
4.7
4.8
4.8.1
4.9

v4.*

v4.10
v4.11.1
v4.9