StarlingX

[Debian] Medium CVE: CVE-2023-4641/CVE-2023-29383 shadow : multiple CVEs

Bug #2109997 reported by Yue Tao on 2025-05-06

256

This bug affects 1 person

Affects		Status	Importance	Assigned to	Milestone
	StarlingX	Fix Released	High	Unassigned

Bug Description

CVE-2023-4641: https://nvd.nist.gov/vuln/detail/CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

CVE-2023-29383: https://nvd.nist.gov/vuln/detail/CVE-2023-29383

In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account.

Base Score: Medium

Reference:

['login_1:4.8.1-1_amd64.deb===>login_1:4.8.1-1+deb11u1_amd64.deb', 'passwd_1:4.8.1-1_amd64.deb===>passwd_1:4.8.1-1+deb11u1_amd64.deb']
https://security-tracker.debian.org/tracker/DLA-4130-1
https://www.tenable.com/plugins/nessus/234692

Tags:

CVE References

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-05-19: Fix proposed to tools (master)

Fix proposed to branch: master
Review: https://review.opendev.org/c/starlingx/tools/+/950325

Changed in starlingx:
status:	Triaged → In Progress

Revision history for this message

OpenStack Infra (hudson-openstack) wrote on 2025-06-05: Fix merged to tools (master)

Reviewed: https://review.opendev.org/c/starlingx/tools/+/950325
Committed: https://opendev.org/starlingx/tools/commit/214a0c7e11f70a7acef8ead652753dcc6fe1681d
Submitter: "Zuul (22348)"
Branch: master

commit 214a0c7e11f70a7acef8ead652753dcc6fe1681d
Author: Joao Tognolli Jr <email address hidden>
Date: Mon May 19 11:42:23 2025 -0300

Debian: login: fix multiple CVEs

Upgrade login to 4.8.1-1+deb11u1
Upgrade passwd to 1:4.8.1-1+deb11u1

CVE-2023-4641: https://nvd.nist.gov/vuln/detail/CVE-2023-4641
CVE-2023-29383: https://nvd.nist.gov/vuln/detail/CVE-2023-29383

https://security-tracker.debian.org/tracker/DLA-4130-1
https://www.tenable.com/plugins/nessus/234692

    TestPlan:
    PASS: downloader; build-pkgs
    PASS: build-image
    PASS: install on SX-lab (VBox)

Closes-Bug: 2109997

Change-Id: Ica494b2540b191137ca9bfdc69e5bbab8eb6482c
Signed-off-by: Joao Tognolli Jr <email address hidden>

Changed in starlingx:
status:	In Progress → Fix Released

Report a bug

This report contains Public Security information

Everyone can see this security related information.

You are

Subscribing...

Edit bug mail

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.