Back to bug 2187184
| Who | When | What | Removed | Added |
|---|---|---|---|---|
| Avinash Hanwate | 2023-04-17 07:02:09 UTC | CC | | ipedrosa, pbrezina |
| Avinash Hanwate | 2023-04-17 07:02:32 UTC | Blocks | | 2187185 |
| Sandipan Roy | 2023-04-17 07:10:53 UTC | Depends On | | 2187190 |
| Sandipan Roy | 2023-04-17 07:13:06 UTC | Doc Text | | In Shadow, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. |
| Sandipan Roy | 2023-04-17 07:14:49 UTC | Depends On | | 2187195, 2187193, 2187192, 2187194 |
| Iker Pedrosa | 2023-04-17 07:50:28 UTC | CC | | saroy |
| Iker Pedrosa | 2023-04-17 07:50:28 UTC | Flags | | needinfo?(saroy) |
| Sandipan Roy | 2023-04-17 07:52:37 UTC | Flags | needinfo?(saroy) | |
| Sandipan Roy | 2023-04-17 07:54:34 UTC | Depends On | | 2187215 |
| Sandipan Roy | 2023-04-17 07:56:08 UTC | CC | | kzak |
| Sandipan Roy | 2023-04-17 07:58:32 UTC | Depends On | | 2187219, 2187217, 2187218, 2187216 |
| RaTasha Tillery-Smith | 2023-04-17 13:01:42 UTC | Doc Text | In Shadow, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. | A flaw was found in Shadow, where it is possible to inject control characters into fields provided to the SUID program change finger (chfn). Although it is not possible to exploit this directly (for example, adding a new user fails because \n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Using \r manipulations and Unicode characters to work around blocking the : character makes it possible to give the impression that a new user has been added. An adversary can convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that "cat /etc/passwd" shows a rogue user account. |
| Red Hat Bugzilla | 2023-07-07 08:31:57 UTC | Assignee | security-response-team | nobody |
| Karel Zak | 2023-07-12 08:51:00 UTC | Flags | | needinfo?(ahanwate) |
| TEJ RATHI | 2023-07-12 10:45:30 UTC | Flags | needinfo?(ahanwate) | |
| Product Security DevOps Team | 2023-07-12 15:40:12 UTC | Status | NEW | CLOSED |
| Product Security DevOps Team | 2023-07-12 15:40:12 UTC | Resolution | --- | NOTABUG |
| Product Security DevOps Team | 2023-07-12 15:40:12 UTC | Last Closed | | 2023-07-12 15:40:12 UTC |