| Package | shadow |
|---|---|
| Version | 1:4.2-3+deb8u6 (jessie) |
| Related CVEs | CVE-2023-4641, CVE-2023-29383 |
Several vulnerabilities were discovered in the shadow suite of login tools. An attacker may extract a password from memory in limited situations, and confuse an administrator inspecting /etc/passwd from within a terminal.
- CVE-2023-4641

  When asking for a new password, shadow-utils prompts for the password twice. If the second entry fails, shadow-utils does not clear the buffer used to store the first entry. This may allow an attacker with sufficient access to retrieve the password from memory.
- CVE-2023-29383

  It is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although this cannot be exploited directly (e.g., adding a new user fails because \n is on the block list), it can be used to misrepresent the /etc/passwd file when it is viewed.
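The risk in CVE-2023-29383 is that a field accepted by chfn can carry bytes that a terminal interprets rather than displays. The checker below is added here as an example (it is not part of shadow or of the Debian update) and scans a passwd file for control characters in any field; the sample entries are constructed, and the field names assume the standard seven-field layout.

```python
import sys

# Standard seven-field layout of an /etc/passwd line.
FIELD_NAMES = ("name", "passwd", "uid", "gid", "gecos", "home", "shell")

# Constructed sample, not taken from any real system. The "bob" entry has a
# carriage return and an ESC byte in its GECOS field: printed to a terminal they
# move the cursor back and start a styling sequence, so the line reads differently
# from what the file actually contains.
SAMPLE_PASSWD = (
    "root:x:0:0:root:/root:/bin/bash\n"
    "alice:x:1000:1000:Alice Example,,,:/home/alice:/bin/bash\n"
    "bob:x:1001:1001:Bob\r\x1b[1mFAKE,,,:/home/bob:/bin/bash\n"
)


def is_control(ch: str) -> bool:
    """C0 control characters (0x00-0x1f) and DEL (0x7f)."""
    return ord(ch) < 0x20 or ord(ch) == 0x7F


def scan_passwd(text: str) -> list:
    """Return one (line_no, username, field, offending_chars) tuple per field
    that contains a control character. A line without exactly seven fields is
    reported with field "malformed" and the whole line as the payload."""
    findings = []
    # Split on "\n" only: str.splitlines() would also split on "\r" and others.
    for line_no, line in enumerate(text.split("\n"), start=1):
        if not line:
            continue
        fields = line.split(":")
        if len(fields) != len(FIELD_NAMES):
            findings.append((line_no, fields[0], "malformed", line))
            continue
        for name, value in zip(FIELD_NAMES, fields):
            bad = "".join(c for c in value if is_control(c))
            if bad:
                findings.append((line_no, fields[0], name, bad))
    return findings


if __name__ == "__main__":
    # Usage: python3 passwd_ctrl_check.py [/path/to/passwd]; exits 1 on findings.
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/passwd"
    # newline="" keeps a bare "\r" intact instead of translating it to "\n".
    with open(path, encoding="utf-8", errors="surrogateescape", newline="") as fh:
        hits = scan_passwd(fh.read())
    for line_no, user, field, payload in hits:
        print(f"{path}:{line_no}: user {user!r} field {field}: {payload!r}")
    sys.exit(1 if hits else 0)
```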
For Debian 8 jessie, these problems have been fixed in version 1:4.2-3+deb8u6.
We recommend that you upgrade your shadow packages.
Further information about Extended LTS security advisories can be found in the dedicated section of our website.