In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
References
Link | Resource |
---|---|
https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d | Patch |
https://github.com/shadow-maint/shadow/pull/687 | Issue Tracking |
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ | Exploit Third Party Advisory |
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797 | Exploit Third Party Advisory |
https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d | Patch |
https://github.com/shadow-maint/shadow/pull/687 | Issue Tracking |
https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ | Exploit Third Party Advisory |
https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797 | Exploit Third Party Advisory |
Configurations
History
06 Feb 2025, 22:15
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-125 |
21 Nov 2024, 07:56
Type | Values Removed | Values Added |
---|---|---|
References | () https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d - Patch | |
References | () https://github.com/shadow-maint/shadow/pull/687 - Issue Tracking | |
References | () https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ - Exploit, Third Party Advisory | |
References | () https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797 - Exploit, Third Party Advisory |
24 Apr 2023, 18:05
Type | Values Removed | Values Added |
---|---|---|
CWE | CWE-74 | |
References | (MISC) https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797 - Exploit, Third Party Advisory | |
References | (MISC) https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ - Exploit, Third Party Advisory | |
References | (MISC) https://github.com/shadow-maint/shadow/pull/687 - Issue Tracking | |
References | (MISC) https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d - Patch | |
CVSS |
v2 : v3 : |
v2 : unknown
v3 : 3.3 |
CPE | cpe:2.3:a:shadow_project:shadow:4.13:*:*:*:*:*:*:* |
14 Apr 2023, 22:45
Type | Values Removed | Values Added |
---|---|---|
New CVE |
Information
Published : 2023-04-14 22:15
Updated : 2025-02-06 22:15
NVD link : CVE-2023-29383
Mitre link : CVE-2023-29383
CVE.ORG link : CVE-2023-29383
JSON object : View
Products Affected
shadow_project
- shadow