Astra Linux - уязвимость в shadow

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly for example, adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file...

Siemens SIMATIC S7-1500 and Ruggedcom ROX Devices Improper Neutralization of Special Elements in Output Used by a Downstream Component (CVE-2023-29383)

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

SUSE CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

DEBIAN-CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...

AZL-26247 CVE-2023-29383 affecting package shadow-utils for versions less than 4.9-13

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn change finger. Although it is not possible to exploit this directly e.g., adding a new user fails because \n is in the block list, it is possible to misrepresent the /etc/passwd file when...