{"id":"CVE-2023-29383","details":"In Shadow 4.13, it is possible to inject control characters into fields provided to the SUID program chfn (change finger). Although it is not possible to exploit this directly (e.g., adding a new user fails because \\n is in the block list), it is possible to misrepresent the /etc/passwd file when viewed. Use of \\r manipulations and Unicode characters to work around blocking of the : character make it possible to give the impression that a new user has been added. In other words, an adversary may be able to convince a system administrator to take the system offline (an indirect, social-engineered denial of service) by demonstrating that \"cat /etc/passwd\" shows a rogue user account.","modified":"2026-05-18T05:56:33.784311766Z","published":"2023-04-14T00:00:00Z","related":["SUSE-SU-2023:2066-1","SUSE-SU-2023:2067-1","SUSE-SU-2023:2068-1","SUSE-SU-2023:2069-1","SUSE-SU-2023:2070-1","SUSE-SU-2024:0939-1","SUSE-SU-2024:1007-1","SUSE-SU-2024:1007-2","openSUSE-SU-2024:12881-1"],"database_specific":{"osv_generated_from":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29383.json","cna_assigner":"mitre"},"references":[{"type":"WEB","url":"https://lists.debian.org/debian-lts-announce/2025/04/msg00026.html"},{"type":"ADVISORY","url":"https://github.com/CVEProject/cvelistV5/tree/main/cves/2023/29xxx/CVE-2023-29383.json"},{"type":"ADVISORY","url":"https://nvd.nist.gov/vuln/detail/CVE-2023-29383"},{"type":"ADVISORY","url":"https://www.trustwave.com/en-us/resources/security-resources/security-advisories/?fid=31797"},{"type":"FIX","url":"https://github.com/shadow-maint/shadow/commit/e5905c4b84d4fb90aefcd96ee618411ebfac663d"},{"type":"FIX","url":"https://github.com/shadow-maint/shadow/pull/687"},{"type":"ARTICLE","url":"https://www.trustwave.com/en-us/resources/blogs/spiderlabs-blog/cve-2023-29383-abusing-linux-chfn-to-misrepresent-etc-passwd/"}],"affected":[{"ranges":[{"type":"GIT","repo":"https://github.com/shadow-maint/shadow","events":[{"introduced":"0"},{"last_affected":"24b44b686ea2221405cfd806dede046cf1fd9584"}],"database_specific":{"extracted_events":[{"introduced":"0"},{"last_affected":"4.13"}],"source":"CPE_FIELD","cpe":"cpe:2.3:a:shadow_project:shadow:4.13:*:*:*:*:*:*:*"}}],"versions":["4.13","4.12.2","4.12.1","4.12","v4.11.1","v4.10","4.10","v4.9","4.9","4.8.1","4.8","4.7","4.6","4.5","4.4","4.3.1","4.3.0","4.2.1"],"database_specific":{"source":"https://storage.googleapis.com/osv-test-cve-osv-conversion/osv-output/CVE-2023-29383.json"}}],"schema_version":"1.7.5"}