Lucene search
Alpine Linux Development TeamALPINE:CVE-2023-29383HistoryApr 14, 2023 - 10:15 p.m.
CVE-2023-29383
2023-04-1422:15:07
Alpine Linux Development Team
security.alpinelinux.org
10
0.0004 Low
EPSS
Percentile
15.1%
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that “cat /etc/passwd” shows a rogue user account.
| OS | Version | Architecture | Package | Version | Filename |
|---|---|---|---|---|---|
| Alpine | edge-community | noarch | shadow | < 4.13-r4 | UNKNOWN |
| Alpine | 3.18-community | noarch | shadow | < 4.13-r3 | UNKNOWN |
| Alpine | 3.19-community | noarch | shadow | < 4.13-r4 | UNKNOWN |
| Alpine | 3.20-community | noarch | shadow | < 4.13-r4 | UNKNOWN |
Related
nessus
nessus
EulerOS 2.0 SP11 : shadow (EulerOS-SA-2023-2668)
2024-01-16 00:00:00
EulerOS Virtualization 2.11.0 : shadow (EulerOS-SA-2023-2773)
2024-01-16 00:00:00
EulerOS Virtualization 2.10.1 : shadow (EulerOS-SA-2023-2549)
2023-08-02 00:00:00
openvas
openvas
Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-2532)
2023-08-01 00:00:00
Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-2394)
2023-07-17 00:00:00
Huawei EulerOS: Security Advisory for shadow (EulerOS-SA-2023-2343)
2023-07-10 00:00:00
debiancve
debiancve
CVE-2023-29383
2023-04-14 22:15:07
ubuntucve
ubuntucve
CVE-2023-29383
2023-04-14 00:00:00
cvelist
cvelist
CVE-2023-29383
2023-04-14 00:00:00
prion
prion
Design/Logic Flaw
2023-04-14 22:15:00
veracode
veracode
Improper Neutralization Of Special Elements
2023-07-08 16:07:44
osv
osv
CVE-2023-29383
2023-04-14 22:15:07
redhatcve
redhatcve
CVE-2023-29383
2023-04-17 07:30:58
cve
cve
CVE-2023-29383
2023-04-14 22:15:07
photon
photon
Low Photon OS Security Update - PHSA-2023-3.0-0588
2023-05-30 00:00:00
Moderate Photon OS Security Update - PHSA-2024-5.0-0182
2024-01-02 00:00:00
Important Photon OS Security Update - PHSA-2023-4.0-0399
2023-05-31 00:00:00
ibm
ibm
ics
ics
Siemens SIMATIC S7-1500 CPU 1518(F)-4 PN/DP MFP V3.1
2023-12-14 12:00:00