An update for shadow is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS and openEuler-22.03-LTS-SP1
Security Advisory
openeuler-security@openeuler.org
openEuler security committee
openEuler-SA-2023-1258
Final
1.0
1.0
2023-04-28
Initial
2023-04-28
2023-04-28
openEuler SA Tool V1.0
2023-04-28
shadow security update
An update for shadow is now available for openEuler-20.03-LTS-SP1, openEuler-20.03-LTS-SP3, openEuler-22.03-LTS and openEuler-22.03-LTS-SP1.
This package includes the necessary programs for converting plain password files to the shadow password format and to manage user and group accounts.
Security Fix(es):
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.(CVE-2023-29383)
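The display trick described above, together with a check for it, as an added example: this is not shadow's code and not part of the advisory (the same description is repeated in the per-CVE record further down, and this example serves both). The /etc/passwd content is constructed; the set of colon-lookalike code points and the field-acceptance rule are this example's own assumptions, chosen to match the behaviour the description reports: a carriage return rewinds the terminal cursor so the rest of the GECOS field overwrites the line, and a lookalike stands in for the ':' that chfn rejects.

```python
"""Added example for CVE-2023-29383; not shadow's code, not part of the advisory.

Shows why a GECOS field holding a CR plus colon lookalikes makes
`cat /etc/passwd` appear to list an extra account, a check that flags such
entries, and a conservative field filter of the kind a patched chfn applies.
Passwd content is constructed; lookalike set and filter rule are assumptions.
"""
import unicodedata

# ASCII control characters a terminal acts on or silently eats.
CONTROL = {chr(c) for c in range(0x20)} | {chr(0x7F)}

# Assumed set of code points that look like ':' in common fonts; the advisory
# only says "Unicode characters" are used to get around the ':' block.
COLON_LOOKALIKES = {"\uff1a", "\u02d0", "\u2236", "\ua789", "\u0589"}


def render_terminal(text: str) -> list[str]:
    """Return what a simple terminal displays for text, line by line: LF starts
    a new line, CR moves the cursor to column 0 so later characters overwrite
    what is there, and other control characters vanish."""
    rows: list[list[str]] = [[]]
    col = 0
    for ch in text:
        if ch == "\n":
            rows.append([])
            col = 0
        elif ch == "\r":
            col = 0
        elif ch in CONTROL:
            continue
        else:
            row = rows[-1]
            if col < len(row):
                row[col] = ch
            else:
                row.append(ch)
            col += 1
    lines = ["".join(r) for r in rows]
    if lines and lines[-1] == "":
        lines.pop()  # a trailing newline shows no extra line
    return lines


def gecos_field_is_safe(field: str) -> bool:
    """Assumed acceptance rule for a chfn-supplied field: printable ASCII
    only, and none of ':' ',' '=' which carry structure in passwd/GECOS."""
    return all(0x20 <= ord(c) <= 0x7E and c not in ":,=" for c in field)


def find_suspicious_gecos(passwd_text: str) -> list[tuple[str, list[str]]]:
    """Flag passwd entries whose GECOS can misrepresent the file when viewed.
    Returns (username, reasons); plain non-ASCII is reported separately
    because names in other scripts are legitimate."""
    findings: list[tuple[str, list[str]]] = []
    for raw in passwd_text.split("\n"):  # not splitlines(): it splits on CR
        if not raw:
            continue
        fields = raw.split(":")
        if len(fields) != 7:
            findings.append((fields[0], ["line does not have 7 fields"]))
            continue
        name, gecos = fields[0], fields[4]
        reasons: list[str] = []
        ctrl = sorted({f"U+{ord(c):04X}" for c in gecos if c in CONTROL})
        if ctrl:
            reasons.append("control characters in GECOS: " + ", ".join(ctrl))
        look = sorted({f"U+{ord(c):04X} ({unicodedata.name(c, '?')})"
                       for c in gecos if c in COLON_LOOKALIKES})
        if look:
            reasons.append("colon lookalikes in GECOS: " + ", ".join(look))
        elif any(ord(c) > 0x7E for c in gecos):
            reasons.append("non-ASCII characters in GECOS (review manually)")
        if reasons:
            findings.append((name, reasons))
    return findings


# Constructed sample: two ordinary users, then a user whose GECOS came from a
# crafted chfn full-name value. The CR rewinds the cursor; U+FF1A FULLWIDTH
# COLON stands in for the ':' that chfn rejects.
ROGUE_GECOS = "Bob Builder\rroot2\uff1ax\uff1a0\uff1a0\uff1aroot\uff1a/root\uff1a/bin/bash"
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice:/home/alice:/bin/bash\n"
    f"bob:x:1001:1001:{ROGUE_GECOS}:/home/bob:/bin/bash\n"
)

if __name__ == "__main__":
    print("bytes on disk:")
    for line in SAMPLE_PASSWD.rstrip("\n").split("\n"):
        print("  ", repr(line))
    print("what `cat` shows:")
    for line in render_terminal(SAMPLE_PASSWD):
        print("  ", line)
    print("findings:", find_suspicious_gecos(SAMPLE_PASSWD))
    print("rogue field passes filter:", gecos_field_is_safe(ROGUE_GECOS))
```

Running it prints the raw bob line next to the rendered one, which starts with a root-looking record because the 52 characters after the carriage return overwrite the 27 characters that preceded it. The finding function is worth running over a real /etc/passwd (or `getent passwd` output) after applying this update: the updated chfn stops new injections, but GECOS fields that were already poisoned stay in the file until someone resets them.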
openEuler Security has rated this update as having a security impact of Low. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section.
Low
shadow
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1258
https://www.openeuler.org/en/security/cve/detail.html?id=CVE-2023-29383
https://nvd.nist.gov/vuln/detail/CVE-2023-29383
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
shadow-debuginfo-4.8.1-7.oe1.aarch64.rpm
shadow-debugsource-4.8.1-7.oe1.aarch64.rpm
shadow-4.8.1-7.oe1.aarch64.rpm
shadow-4.8.1-6.oe1.aarch64.rpm
shadow-debuginfo-4.8.1-6.oe1.aarch64.rpm
shadow-debugsource-4.8.1-6.oe1.aarch64.rpm
shadow-4.9-7.oe2203.aarch64.rpm
shadow-debuginfo-4.9-7.oe2203.aarch64.rpm
shadow-debugsource-4.9-7.oe2203.aarch64.rpm
shadow-subid-devel-4.9-7.oe2203.aarch64.rpm
shadow-debuginfo-4.9-9.oe2203sp1.aarch64.rpm
shadow-subid-devel-4.9-9.oe2203sp1.aarch64.rpm
shadow-debugsource-4.9-9.oe2203sp1.aarch64.rpm
shadow-4.9-9.oe2203sp1.aarch64.rpm
shadow-help-4.8.1-7.oe1.noarch.rpm
shadow-help-4.8.1-6.oe1.noarch.rpm
shadow-help-4.9-7.oe2203.noarch.rpm
shadow-help-4.9-9.oe2203sp1.noarch.rpm
shadow-4.8.1-7.oe1.src.rpm
shadow-4.8.1-6.oe1.src.rpm
shadow-4.9-7.oe2203.src.rpm
shadow-4.9-9.oe2203sp1.src.rpm
shadow-debugsource-4.8.1-7.oe1.x86_64.rpm
shadow-debuginfo-4.8.1-7.oe1.x86_64.rpm
shadow-4.8.1-7.oe1.x86_64.rpm
shadow-debuginfo-4.8.1-6.oe1.x86_64.rpm
shadow-debugsource-4.8.1-6.oe1.x86_64.rpm
shadow-4.8.1-6.oe1.x86_64.rpm
shadow-subid-devel-4.9-7.oe2203.x86_64.rpm
shadow-4.9-7.oe2203.x86_64.rpm
shadow-debugsource-4.9-7.oe2203.x86_64.rpm
shadow-debuginfo-4.9-7.oe2203.x86_64.rpm
shadow-4.9-9.oe2203sp1.x86_64.rpm
shadow-debugsource-4.9-9.oe2203sp1.x86_64.rpm
shadow-debuginfo-4.9-9.oe2203sp1.x86_64.rpm
shadow-subid-devel-4.9-9.oe2203sp1.x86_64.rpm
In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character makes it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.
2023-04-28
CVE-2023-29383
openEuler-20.03-LTS-SP1
openEuler-20.03-LTS-SP3
openEuler-22.03-LTS
openEuler-22.03-LTS-SP1
Low
3.3
AV:L/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N
shadow security update
2023-04-28
https://www.openeuler.org/en/security/safety-bulletin/detail.html?id=openEuler-SA-2023-1258