{"dataType":"CVE_RECORD","dataVersion":"5.2","cveMetadata":{"state":"PUBLISHED","cveId":"CVE-2023-29383","assignerOrgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","assignerShortName":"mitre","dateUpdated":"2025-11-03T19:28:12.823Z","dateReserved":"2023-04-05T00:00:00.000Z","datePublished":"2023-04-14T00:00:00.000Z"},"containers":{"cna":{"providerMetadata":{"orgId":"8254265b-2729-46b6-b9e3-3dfca2d5bfca","shortName":"mitre","dateUpdated":"2023-04-14T00:00:00.000Z"},"descriptions":[{"lang":"en","value":"In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account."}],"affected":[{"vendor":"n/a","product":"n/a","versions":[{"version":"n/a","status":"affected"}]}],"references":[{"url":"https://github.com/shadow-maint/shadow/pull/687"},{"url":"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d"},{"url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/"}],"problemTypes":[{"descriptions":[{"type":"text","lang":"en","description":"n/a"}]}]},"adp":[{"title":"CVE Program Container","references":[{"url":"https://github.com/shadow-maint/shadow/pull/687","tags":["x_transferred"]},{"url":"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d","tags":["x_transferred"]},{"url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797","tags":["x_transferred"]},{"url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/","tags":["x_transferred"]},{"url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html"}],"providerMetadata":{"orgId":"af854a3a-2127-422b-91ae-364da2661108","shortName":"CVE","dateUpdated":"2025-11-03T19:28:12.823Z"}},{"problemTypes":[{"descriptions":[{"type":"CWE","cweId":"CWE-125","lang":"en","description":"CWE-125 Out-of-bounds Read"}]}],"metrics":[{"other":{"type":"ssvc","content":{"timestamp":"2025-02-06T21:21:27.050601Z","id":"CVE-2023-29383","options":[{"Exploitation":"poc"},{"Automatable":"no"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}}],"title":"CISA ADP Vulnrichment","providerMetadata":{"orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP","dateUpdated":"2025-02-06T21:23:31.283Z"}}]}}