Bugzilla – Bug 1210507
VUL-0: CVE-2023-29383: shadow: apparent /etc/shadow manipulation via chfn
Last modified: 2024-04-11 10:27:37 UTC
CVE-2023-29383 In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. References: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2023-29383 https://bugzilla.redhat.com/show_bug.cgi?id=2187184 https://www.cve.org/CVERecord?id=CVE-2023-29383 http://www.cvedetails.com/cve/CVE-2023-29383/ https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d https://github.com/shadow-maint/shadow/pull/687 https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/ https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797
Affected: - SUSE:SLE-12-SP2:Update/shadow - SUSE:SLE-12-SP5:Update/shadow - SUSE:SLE-15-SP1:Update/shadow - SUSE:SLE-15-SP3:Update/shadow - SUSE:SLE-15-SP4:Update/shadow - SUSE:SLE-15-SP4:Update:Products:Micro54:Update/shadow
Factory: SR#1080172 SUSE_SLE-12-SP2_Update: SR#295096 SUSE_SLE-12-SP5_Update: SR#295097 SUSE_SLE-15-SP1_Update: SR#295098 SUSE_SLE-15-SP3_Update: SR#295100 SUSE_SLE-15-SP4_Update: SR#295101 e5905c4b84d4fb90aefcd96ee618411ebfac663d intends to fix the bug but introduces a mistake. Took 2eaea70111f65b16d55998386e4ceb4273c19eb4 as well. (In reply to Carlos López from comment #1) > Affected: > - SUSE:SLE-15-SP4:Update:Products:Micro54:Update/shadow Does that need a separate submission? How should I branch this using osc?
This is an autogenerated message for OBS integration: This bug (1210507) was mentioned in https://build.opensuse.org/request/show/1080172 Factory / shadow
(In reply to Michael Vetter from comment #2) > (In reply to Carlos López from comment #1) > > Affected: > > - SUSE:SLE-15-SP4:Update:Products:Micro54:Update/shadow > > Does that need a separate submission? > How should I branch this using osc? Yes. isc branch -c -M SUSE:SLE-15-SP4:Update:Products:Micro54:Update/shadow
(In reply to Marcus Meissner from comment #5) > (In reply to Michael Vetter from comment #2) > > > (In reply to Carlos López from comment #1) > > > Affected: > > > - SUSE:SLE-15-SP4:Update:Products:Micro54:Update/shadow > > > > Does that need a separate submission? > > How should I branch this using osc? > > > > Yes. > > isc branch -c -M SUSE:SLE-15-SP4:Update:Products:Micro54:Update/shadow Thanks! SR#295436
SUSE-SU-2023:2070-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210507 CVE References: CVE-2023-29383 Sources used: SUSE Linux Enterprise High Performance Computing ESPOS 15 SP3 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise High Performance Computing LTSS 15 SP3 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise Real Time 15 SP3 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise Server 15 SP3 LTSS 15-SP3 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise Server for SAP Applications 15 SP3 (src): shadow-4.8.1-150300.4.6.1 SUSE Manager Proxy 4.2 (src): shadow-4.8.1-150300.4.6.1 SUSE Manager Retail Branch Server 4.2 (src): shadow-4.8.1-150300.4.6.1 SUSE Manager Server 4.2 (src): shadow-4.8.1-150300.4.6.1 SUSE Enterprise Storage 7.1 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise Micro 5.1 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise Micro 5.2 (src): shadow-4.8.1-150300.4.6.1 SUSE Linux Enterprise Micro for Rancher 5.2 (src): shadow-4.8.1-150300.4.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2069-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210507 CVE References: CVE-2023-29383 Sources used: SUSE OpenStack Cloud 9 (src): shadow-4.2.1-27.22.1 SUSE OpenStack Cloud Crowbar 9 (src): shadow-4.2.1-27.22.1 SUSE Linux Enterprise Server for SAP Applications 12 SP4 (src): shadow-4.2.1-27.22.1 SUSE Linux Enterprise Server 12 SP2 BCL 12-SP2 (src): shadow-4.2.1-27.22.1 SUSE Linux Enterprise Server 12 SP4 ESPOS 12-SP4 (src): shadow-4.2.1-27.22.1 SUSE Linux Enterprise Server 12 SP4 LTSS 12-SP4 (src): shadow-4.2.1-27.22.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2068-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210507 CVE References: CVE-2023-29383 Sources used: SUSE Linux Enterprise High Performance Computing 15 SP1 LTSS 15-SP1 (src): shadow-4.6-150100.3.8.1 SUSE Linux Enterprise High Performance Computing 15 SP2 LTSS 15-SP2 (src): shadow-4.6-150100.3.8.1 SUSE Linux Enterprise Server 15 SP1 LTSS 15-SP1 (src): shadow-4.6-150100.3.8.1 SUSE Linux Enterprise Server 15 SP2 LTSS 15-SP2 (src): shadow-4.6-150100.3.8.1 SUSE Linux Enterprise Server for SAP Applications 15 SP1 (src): shadow-4.6-150100.3.8.1 SUSE Linux Enterprise Server for SAP Applications 15 SP2 (src): shadow-4.6-150100.3.8.1 SUSE Enterprise Storage 7 (src): shadow-4.6-150100.3.8.1 SUSE CaaS Platform 4.0 (src): shadow-4.6-150100.3.8.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2067-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210507 CVE References: CVE-2023-29383 Sources used: SUSE Linux Enterprise High Performance Computing 12 SP5 (src): shadow-4.2.1-36.3.1 SUSE Linux Enterprise Server 12 SP5 (src): shadow-4.2.1-36.3.1 SUSE Linux Enterprise Server for SAP Applications 12 SP5 (src): shadow-4.2.1-36.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2023:2066-1: An update that solves one vulnerability can now be installed. Category: security (moderate) Bug References: 1210507 CVE References: CVE-2023-29383 Sources used: openSUSE Leap Micro 5.3 (src): shadow-4.8.1-150400.10.6.1 openSUSE Leap 15.4 (src): shadow-4.8.1-150400.10.6.1 SUSE Linux Enterprise Micro for Rancher 5.3 (src): shadow-4.8.1-150400.10.6.1 SUSE Linux Enterprise Micro 5.3 (src): shadow-4.8.1-150400.10.6.1 Basesystem Module 15-SP4 (src): shadow-4.8.1-150400.10.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:0939-1: An update that solves one vulnerability and has seven security fixes can now be installed. Category: security (moderate) Bug References: 1144060, 1176006, 1188307, 1203823, 1205502, 1206627, 1210507, 1213189 CVE References: CVE-2023-29383 Maintenance Incident: [SUSE:Maintenance:32886](https://smelt.suse.de/incident/32886/) Sources used: openSUSE Leap Micro 5.4 (src): shadow-4.8.1-150400.3.6.1 SUSE Linux Enterprise Micro for Rancher 5.4 (src): shadow-4.8.1-150400.3.6.1 SUSE Linux Enterprise Micro 5.4 (src): shadow-4.8.1-150400.3.6.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
SUSE-SU-2024:1007-1: An update that solves two vulnerabilities and has seven security fixes can now be installed. Category: security (moderate) Bug References: 1144060, 1176006, 1188307, 1203823, 1205502, 1206627, 1210507, 1213189, 1214806 CVE References: CVE-2023-29383, CVE-2023-4641 Maintenance Incident: [SUSE:Maintenance:32887](https://smelt.suse.de/incident/32887/) Sources used: SUSE Linux Enterprise Micro 5.5 (src): shadow-4.8.1-150500.3.3.1 NOTE: This line indicates an update has been released for the listed product(s). At times this might be only a partial fix. If you have questions please reach out to maintenance coordination.
All affected codestreams have been patched for this issue.