CVSS3: 3.3 Low
Attack Vector: LOCAL
Attack Complexity: LOW
Privileges Required: LOW
User Interaction: NONE
Scope: UNCHANGED
Confidentiality Impact: NONE
Integrity Impact: LOW
Availability Impact: NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
EPSS: 0.0004 Low
Percentile: 15.5%

In Shadow 4.13, it is possible to inject control characters into fields
provided to the SUID program chfn (change finger). Although it is not
possible to exploit this directly (e.g., adding a new user fails because \n
is in the block list), it is possible to misrepresent the /etc/passwd file
when viewed. Use of \r manipulations and Unicode characters to work around
blocking of the : character makes it possible to give the impression that a
new user has been added. In other words, an adversary may be able to
convince a system administrator to take the system offline (an indirect,
social-engineered denial of service) by demonstrating that “cat
/etc/passwd” shows a rogue user account.
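
A defender-side check for the condition described above, as an added example (not code from the shadow project or the advisories): it flags passwd records that contain control characters, colon lookalikes or other non-ASCII characters, which a plain "cat" would render misleadingly. The function names, the lookalike list and the sample data are assumptions made for this example.

```python
import sys
import unicodedata

# Characters that render like ':' but are not the ASCII field separator.
# Assumed, non-exhaustive list chosen for this example.
COLON_LOOKALIKES = {"\uff1a", "\ua789", "\u2236", "\ufe55", "\u02d0"}

# Constructed sample: the second record hides a carriage return and a
# fullwidth colon inside the GECOS field.
SAMPLE = ("root:x:0:0:root:/root:/bin/bash\n"
          "alice:x:1000:1000:Alice\rX\uff1aY:/home/alice:/bin/bash\n")

def audit_passwd_line(line):
    """Return (position, reason) findings for one record without its newline."""
    findings = []
    for pos, ch in enumerate(line):
        if unicodedata.category(ch) in ("Cc", "Cf"):
            findings.append((pos, f"control/format character U+{ord(ch):04X}"))
        elif ch in COLON_LOOKALIKES:
            findings.append((pos, f"colon lookalike U+{ord(ch):04X}"))
        elif ord(ch) > 0x7E:
            findings.append((pos, f"non-ASCII character U+{ord(ch):04X}"))
    fields = line.count(":") + 1
    if fields != 7:
        findings.append((-1, f"expected 7 fields, found {fields}"))
    return findings

def audit_passwd(text):
    """Map 1-based record number to its findings, for records that have any."""
    report = {}
    # Split on '\n' only: str.splitlines() would also split on '\r' and
    # turn the hidden text into what looks like a separate record.
    for number, record in enumerate(text.split("\n"), start=1):
        if record:
            findings = audit_passwd_line(record)
            if findings:
                report[number] = findings
    return report

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/passwd"
    # newline="" disables newline translation so a stray '\r' survives.
    with open(path, encoding="utf-8", errors="replace", newline="") as fh:
        for number, findings in audit_passwd(fh.read()).items():
            for pos, reason in findings:
                print(f"{path}:{number}: column {pos}: {reason}")
```

Viewing the file with "cat -A /etc/passwd" (GNU coreutils) likewise shows a carriage return as ^M instead of acting on it.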
github.com/shadow-maint/shadow/pull/687
launchpad.net/bugs/cve/CVE-2023-29383
nvd.nist.gov/vuln/detail/CVE-2023-29383
security-tracker.debian.org/tracker/CVE-2023-29383
www.cve.org/CVERecord?id=CVE-2023-29383
www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/
www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797