
exploitDog

CVE-2023-4641

Published: 17 Jun 2023
Source: redhat
CVSS3: 4.7

Description

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clear the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.

Report

This vulnerability is classified as low severity, even though the confidentiality impact is high, because exploiting it requires elevated access privileges: an attacker must already have significant access to the system to retrieve the password from memory. Additionally, the issue is limited to specific scenarios where a password attempt fails, which reduces its overall risk.

Affected packages

| Platform | Package | State | Advisory | Release |
|---|---|---|---|---|
| Red Hat Enterprise Linux 6 | shadow-utils | Out of support scope | | |
| Red Hat Enterprise Linux 7 | shadow-utils | Out of support scope | | |
| Red Hat Enterprise Linux 8 | shadow-utils | Fixed | RHSA-2023:7112 | 14.11.2023 |
| Red Hat Enterprise Linux 8.6 Extended Update Support | shadow-utils | Fixed | RHSA-2024:0417 | 25.01.2024 |
| Red Hat Enterprise Linux 8.8 Extended Update Support | shadow-utils | Fixed | RHSA-2024:2577 | 30.04.2024 |
| Red Hat Enterprise Linux 9 | shadow-utils | Fixed | RHSA-2023:6632 | 07.11.2023 |

Additional information

Status: Low
Defect: CWE-303
https://bugzilla.redhat.com/show_bug.cgi?id=2215945 shadow-utils: possible password leak during passwd(1) change

4.7 Medium

CVSS3

Related vulnerabilities

CVSS3: 4.7
ubuntu
more than 1 year ago

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clear the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.

CVSS3: 4.7
nvd
more than 1 year ago

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks for the password twice. If the password fails on the second attempt, shadow-utils fails to clear the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from memory.

CVSS3: 5.5
msrc
4 months ago

No description available

CVSS3: 4.7
debian
more than 1 year ago

A flaw was found in shadow-utils. When asking for a new password, shad ...

suse-cvrf
almost 2 years ago

Security update for shadow
