Lucene search

K
redhatRedHatRHSA-2024:2577
HistoryApr 30, 2024 - 2:00 p.m.

(RHSA-2024:2577) Low: shadow-utils security update

2024-04-3014:00:10
access.redhat.com
16
rhsa-2024
shadow-utils
password leak
cve-2023-4641
unix
password files
user accounts
group accounts

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

Low

EPSS

0

Percentile

10.3%

The shadow-utils packages include programs for converting UNIX password files to
the shadow password format, as well as utilities for managing user and group
accounts.

Security Fix(es):

  • shadow-utils: possible password leak during passwd(1) change (CVE-2023-4641)

For more details about the security issue(s), including the impact, a CVSS
score, acknowledgments, and other related information, refer to the CVE page(s)
listed in the References section.

CVSS3

5.5

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

AI Score

7.4

Confidence

Low

EPSS

0

Percentile

10.3%