CVE-2023-29383

Exploit

EPSS 0.04%
Veröffentlicht 14.04.2023 22:15:07
Zuletzt bearbeitet 03.11.2025 20:16:01
Quelle cve@mitre.org
CVE-Watchlists
Login
Unerledigt
Login

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Betroffene Produkte Warnungen 0 Metriken 2 CWE 2 Referenzen 8

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Shadow Project ≫ Shadow Version4.13

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	0.04%	0.098

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	3.3	1.8	1.4	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-74 Improper Neutralization of Special Elements in Output Used by a Downstream Component ('Injection')

The product constructs all or part of a command, data structure, or record using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify how it is parsed or interpreted when it is sent to a downstream component.

https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d

Patch

https://github.com/shadow-maint/shadow/pull/687

Issue Tracking

https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/

Third Party Advisory

Exploit

https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797

Third Party Advisory

Exploit

https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html

https://nvd.nist.gov/vuln/detail/CVE-2023-29383

CVE Source (NVD)

https://cveawg.mitre.org/api/cve/CVE-2023-29383

CVE Source (JSON)

https://euvd.enisa.europa.eu/vulnerability/CVE-2023-29383

EUVD