CVE-2023-29383
ADVISORY - ubuntuSummary
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
Common Weakness Enumeration (CWE)
Improper Input Validation
Ubuntu
1.8
CVSS SCORE
3.3low| Package | Type | OS Name | OS Version | Affected Ranges | Fix Versions |
|---|---|---|---|---|---|
| ubuntu/shadow | deb | ubuntu | 22.04 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 16.04 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 23.04 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 14.04 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 23.10 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 22.10 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 20.04 | >=0 | Not yet available |
| ubuntu/shadow | deb | ubuntu | 18.04 | >=0 | Not yet available |
CVSS:3 Severity and metrics
The CVSS metrics represent different qualitative aspects of a vulnerability that impact the overall score, as defined by the CVSS Specification.
The vulnerable component is not bound to the network stack and the attacker's path is via read/write/execute capabilities. Either: The attacker exploits the vulnerability by accessing the target system locally (e.g., keyboard, console), or remotely (e.g., SSH); or the attacker relies on User Interaction by another person to perform actions required to exploit the vulnerability (e.g., using social engineering techniques to trick a legitimate user into opening a malicious document).
Specialized access conditions or extenuating circumstances do not exist. An attacker can expect repeatable success when attacking the vulnerable component.
The attacker requires privileges that provide basic user capabilities that could normally affect only settings and files owned by a user. Alternatively, an attacker with Low privileges has the ability to access only non-sensitive resources.
The vulnerable system can be exploited without interaction from any user.
An exploited vulnerability can only affect resources managed by the same security authority. In this case, the vulnerable component and the impacted component are either the same, or both are managed by the same security authority.
There is no loss of confidentiality.
Modification of data is possible, but the attacker does not have control over the consequence of a modification, or the amount of modification is limited. The data modification does not have a direct, serious impact on the impacted component.
There is no impact to availability within the impacted component.
NIST
CVSS SCORE
3.3lowAlpine
-
Debian
-
Red Hat
1.8
CVSS SCORE
5.5mediumintheWild
-
-