CVE-2023-29383: Injection in Project Shadow

Severity
3.3 LOW (NVD)
EPSS
0.0% (top 92.09%)
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
Timeline
Published: Apr 14
Latest update: Apr 15

Description

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
Exploitability: 1.8 | Impact: 1.4

Affected Packages (2 packages)

Debian: shadow_project/shadow < 1:4.8.1-1+deb11u1+3

Patches

🔴 Vulnerability Details (3)

GHSA
GHSA-p9w4-8hh8-crcx: In Shadow 4… (2023-04-15)
CVEList
CVE-2023-29383: In Shadow 4… (2023-04-14)
OSV
CVE-2023-29383: In Shadow 4… (2023-04-14)

📋 Vendor Advisories (3)

Red Hat
shadow: Improper input validation in shadow-utils package utility chfn (2023-04-15)
Microsoft
In Shadow 4.13 it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g. adding a new user f… (2023-04-11)
Debian
CVE-2023-29383: shadow - In Shadow 4.13, it is possible to inject control characters into fields provided... (2023)
CVE-2023-29383 — Injection in Shadow Project Shadow | cvebase