Oval Definition: oval:org.opensuse.security:def:202329383
Revision Date: 2023-06-22
Version: 1
Title: CVE-2023-29383
Description:

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
Family: unix
Class: vulnerability
Status:
Reference(s):
Mitre CVE-2023-29383
SUSE CVE-2023-29383
SUSE-CU-2023:1343-1
SUSE-CU-2023:1344-1
SUSE-CU-2023:1345-1
SUSE-CU-2023:1346-1
SUSE-CU-2023:1347-1
SUSE-CU-2023:1348-1
SUSE-CU-2023:1349-1
SUSE-CU-2023:1350-1
SUSE-CU-2023:1351-1
SUSE-CU-2023:1352-1
SUSE-CU-2023:1353-1
SUSE-CU-2023:1354-1
SUSE-CU-2023:1355-1
SUSE-CU-2023:1356-1
SUSE-CU-2023:1357-1
SUSE-CU-2023:1358-1
SUSE-CU-2023:1359-1
SUSE-CU-2023:1360-1
SUSE-CU-2023:1363-1
SUSE-CU-2023:1369-1
SUSE-CU-2023:1371-1
SUSE-CU-2023:1372-1
SUSE-CU-2023:1373-1
SUSE-CU-2023:1374-1
SUSE-CU-2023:1375-1
SUSE-CU-2023:1376-1
SUSE-CU-2023:1377-1
SUSE-CU-2023:1378-1
SUSE-CU-2023:1379-1
SUSE-CU-2023:1380-1
SUSE-CU-2023:1381-1
SUSE-CU-2023:1382-1
SUSE-CU-2023:1383-1
SUSE-CU-2023:1384-1
SUSE-CU-2023:1385-1
SUSE-CU-2023:1386-1
SUSE-CU-2023:1387-1
SUSE-CU-2023:1388-1
SUSE-CU-2023:1389-1
SUSE-CU-2023:1458-1
SUSE-CU-2023:1459-1
SUSE-CU-2023:1460-1
SUSE-CU-2023:1461-1
SUSE-CU-2023:1462-1
SUSE-CU-2023:1463-1
SUSE-CU-2023:1464-1
SUSE-CU-2023:1465-1
SUSE-CU-2023:1466-1
SUSE-CU-2023:1467-1
SUSE-CU-2023:1482-1
SUSE-CU-2023:1483-1
SUSE-CU-2023:1484-1
SUSE-CU-2023:1485-1
SUSE-CU-2023:1486-1
SUSE-CU-2023:1487-1
SUSE-CU-2023:1488-1
SUSE-CU-2023:1489-1
SUSE-CU-2023:1490-1
SUSE-CU-2023:1491-1
SUSE-CU-2023:1492-1
SUSE-CU-2023:1493-1
SUSE-CU-2023:1494-1
SUSE-CU-2023:1495-1
SUSE-CU-2023:1496-1
SUSE-CU-2023:1498-1
SUSE-CU-2023:1546-1
SUSE-CU-2023:1547-1
SUSE-CU-2023:1548-1
SUSE-CU-2023:1549-1
SUSE-CU-2023:1836-1
SUSE-CU-2023:1838-1
SUSE-CU-2023:1839-1
SUSE-CU-2023:1840-1
SUSE-CU-2023:1844-1
SUSE-CU-2023:1897-1
SUSE-CU-2023:2047-1
SUSE-CU-2023:2048-1
SUSE-CU-2023:2049-1
SUSE-CU-2023:2050-1
SUSE-CU-2023:2051-1
SUSE-IU-2023:317-1
SUSE-IU-2023:318-1
SUSE-IU-2023:319-1
SUSE-IU-2023:347-1
SUSE-IU-2023:348-1
SUSE-IU-2023:349-1
SUSE-SU-2023:2066-1
SUSE-SU-2023:2067-1
SUSE-SU-2023:2068-1
SUSE-SU-2023:2069-1
SUSE-SU-2023:2070-1
Platform(s):
SUSE Linux Enterprise Desktop 15 SP5
SUSE Linux Enterprise High Performance Computing 15 SP5
SUSE Linux Enterprise Micro 5.4
SUSE Linux Enterprise Module for Basesystem 15 SP5
SUSE Linux Enterprise Server 15 SP5
SUSE Linux Enterprise Server for SAP Applications 15 SP5
Product(s):
Definition Synopsis
  • SUSE Linux Enterprise Micro 5.4 is installed
  • AND Package Information
      • login_defs is affected
      • OR shadow is affected
Definition Synopsis
  • Release Information
      • SUSE Linux Enterprise Desktop 15 SP5 is installed
      • OR SUSE Linux Enterprise High Performance Computing 15 SP5 is installed
      • OR SUSE Linux Enterprise Module for Basesystem 15 SP5 is installed
      • OR SUSE Linux Enterprise Server 15 SP5 is installed
      • OR SUSE Linux Enterprise Server for SAP Applications 15 SP5 is installed
  • AND Package Information
      • login_defs-4.8.1-150400.10.6.1 is installed
      • OR shadow-4.8.1-150400.10.6.1 is installed