UBUNTU-CVE-2023-29383
- Source
- https://ubuntu.com/security/CVE-2023-29383
- Import Source
- https://github.com/canonical/ubuntu-security-notices/blob/main/osv/cve/2023/UBUNTU-CVE-2023-29383.json
- JSON Data
- https://api.osv.dev/v1/vulns/UBUNTU-CVE-2023-29383
- Related
- Published
- 2023-04-14T22:15:00Z
- Modified
- 2025-01-13T10:24:19Z
- Severity
-
- 3.3 (Low) CVSS_V3 - CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N CVSS Calculator
- Summary
- [none]
- Details
-
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
- References
-
- https://ubuntu.com/security/CVE-2023-29383
- https://github.com/shadow-maint/shadow/pull/687
- https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
- https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
- https://www.cve.org/CVERecord?id=CVE-2023-29383
Affected packages
Ubuntu:Pro:14.04:LTS / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/ubuntu/shadow@1:4.1.5.1-1ubuntu9.5+esm4?arch=source&distro=esm-infra-legacy/trusty
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:16.04:LTS / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/ubuntu/shadow@1:4.2-3.1ubuntu5.5+esm4?arch=source&distro=esm-infra/xenial
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:Pro:18.04:LTS / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/ubuntu/shadow@1:4.5-1ubuntu2.5+esm1?arch=source&distro=esm-infra/bionic
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:20.04:LTS / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/ubuntu/shadow@1:4.8.1-1ubuntu5.20.04.5?arch=source&distro=focal
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:22.04:LTS / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/ubuntu/shadow@1:4.8.1-2ubuntu2.2?arch=source&distro=jammy
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affected
Ubuntu:24.04:LTS / shadow
Package
- Name
- shadow
- Purl
- pkg:deb/ubuntu/shadow@1:4.13+dfsg1-4ubuntu1?arch=source&distro=noble
Affected ranges
- Type
- ECOSYSTEM
- Events
-
Introduced0Unknown introduced version / All previous versions are affectedFixed1:4.13+dfsg1-4ubuntu1
Ecosystem specific
{
"availability": "No subscription required",
"ubuntu_priority": "low",
"binaries": [
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "libsubid-dev"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "libsubid4"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "libsubid4-dbgsym"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "login"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "login-dbgsym"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "passwd"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "passwd-dbgsym"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "uidmap"
},
{
"binary_version": "1:4.13+dfsg1-4ubuntu1",
"binary_name": "uidmap-dbgsym"
}
]
}