Lucene search

K
ubuntucveUbuntu.comUB:CVE-2023-29383
HistoryApr 14, 2023 - 12:00 a.m.

CVE-2023-29383

2023-04-1400:00:00
ubuntu.com
ubuntu.com
9
shadow 4.13
control character injection
chfn
/etc/passwd
denial of service
unicode characters
system administrator

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

15.5%

In Shadow 4.13, it is possible to inject control characters into fields
provided to the SUID program chfn (change finger). Although it is not
possible to exploit this directly (e.g., adding a new user fails because \n
is in the block list), it is possible to misrepresent the /etc/passwd file
when viewed. Use of \r manipulations and Unicode characters to work around
blocking of the : character make it possible to give the impression that a
new user has been added. In other words, an adversary may be able to
convince a system administrator to take the system offline (an indirect,
social-engineered denial of service) by demonstrating that “cat
/etc/passwd” shows a rogue user account.

Bugs

3.3 Low

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

NONE

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N

0.0004 Low

EPSS

Percentile

15.5%