CVE-2023-4641

A flaw was found in shadow-utils. When asking for a new password, shadow-utils asks the password twice. If the password fails on the second attempt, shadow-utils fails in cleaning the buffer used to store the first entry. This may allow an attacker with enough access to retrieve the password from the memory.

CVSS v3 4.7 MEDIUM

4.7^/10

CVSS v3 : MEDIUM

V3 Legend

Vector :

Exploitability : 1.0 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity HIGH

Privileges Required LOW

User Interaction NONE

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

References

Link	Resource
https://access.redhat.com/errata/RHSA-2023:6632	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7112	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0417
https://access.redhat.com/errata/RHSA-2024:2577
https://access.redhat.com/security/cve/CVE-2023-4641	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2215945	Issue Tracking
https://access.redhat.com/errata/RHSA-2023:6632	Third Party Advisory
https://access.redhat.com/errata/RHSA-2023:7112	Third Party Advisory
https://access.redhat.com/errata/RHSA-2024:0417
https://access.redhat.com/errata/RHSA-2024:2577
https://access.redhat.com/security/cve/CVE-2023-4641	Third Party Advisory
https://bugzilla.redhat.com/show_bug.cgi?id=2215945	Issue Tracking

Configurations

Configuration 1 (hide)

cpe:2.3:a:shadow-maint:shadow-utils:*:*:*:*:*:*:*:*

Configuration 2 (hide)

OR	cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::*
	cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*

History

21 Nov 2024, 08:35

Type	Values Removed	Values Added
References	~~() https://access.redhat.com/errata/RHSA-2023:6632 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2023:6632 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7112 - Third Party Advisory~~	() https://access.redhat.com/errata/RHSA-2023:7112 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2024:0417 -~~	() https://access.redhat.com/errata/RHSA-2024:0417 -
References	~~() https://access.redhat.com/errata/RHSA-2024:2577 -~~	() https://access.redhat.com/errata/RHSA-2024:2577 -
References	~~() https://access.redhat.com/security/cve/CVE-2023-4641 - Third Party Advisory~~	() https://access.redhat.com/security/cve/CVE-2023-4641 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2215945 - Issue Tracking~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2215945 - Issue Tracking
CVSS	v2 : ~~unknown~~ v3 : ~~5.5~~	v2 : unknown v3 : 4.7

03 May 2024, 16:15

Type	Values Removed	Values Added
References		() https://access.redhat.com/errata/RHSA-2024:0417 - () https://access.redhat.com/errata/RHSA-2024:2577 -

04 Jan 2024, 17:06

Type	Values Removed	Values Added
CVSS	v2 : ~~unknown~~ v3 : ~~4.7~~	v2 : unknown v3 : 5.5
CWE		CWE-287
Summary		(es) Se encontró una falla en Shadow-Utils. Al solicitar una nueva contraseña, Shadow-Utils la solicita dos veces. Si la contraseña falla en el segundo intento, Shadow-Utils no logra limpiar el búfer utilizado para almacenar la primera entrada. Esto puede permitir que un atacante con suficiente acceso recupere la contraseña de la memoria.
CPE		cpe:2.3:o:redhat:enterprise_linux:9.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:8.0_aarch64:::::::* cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder:8.0:::::::* cpe:2.3:a:shadow-maint:shadow-utils:::::::: cpe:2.3:o:redhat:enterprise_linux_for_ibm_z_systems:8.0_s390x:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_arm64:9.0_aarch64:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:9.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux:8.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:9.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:a:redhat:codeready_linux_builder:9.0:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:8.0_ppc64le:::::::* cpe:2.3:o:redhat:enterprise_linux_for_arm_64:8.0:::::::* cpe:2.3:a:redhat:codeready_linux_builder_for_ibm_z_systems:9.0_s390x:::::::* cpe:2.3:o:redhat:enterprise_linux_for_power_little_endian:9.0_ppc64le:::::::*
References	~~() https://access.redhat.com/errata/RHSA-2023:6632 -~~	() https://access.redhat.com/errata/RHSA-2023:6632 - Third Party Advisory
References	~~() https://access.redhat.com/errata/RHSA-2023:7112 -~~	() https://access.redhat.com/errata/RHSA-2023:7112 - Third Party Advisory
References	~~() https://access.redhat.com/security/cve/CVE-2023-4641 -~~	() https://access.redhat.com/security/cve/CVE-2023-4641 - Third Party Advisory
References	~~() https://bugzilla.redhat.com/show_bug.cgi?id=2215945 -~~	() https://bugzilla.redhat.com/show_bug.cgi?id=2215945 - Issue Tracking
First Time		Shadow-maint Redhat enterprise Linux For Ibm Z Systems Redhat enterprise Linux For Power Little Endian Shadow-maint shadow-utils Redhat Redhat enterprise Linux For Arm 64 Redhat codeready Linux Builder For Power Little Endian Redhat codeready Linux Builder For Arm64 Redhat enterprise Linux Redhat codeready Linux Builder For Ibm Z Systems Redhat codeready Linux Builder

27 Dec 2023, 16:15

Type	Values Removed	Values Added
New CVE

Information

Published : 2023-12-27 16:15

Updated : 2024-11-21 08:35

NVD link : CVE-2023-4641

Mitre link : CVE-2023-4641

CVE.ORG link : CVE-2023-4641

JSON object : View

Products Affected

redhat

enterprise_linux
enterprise_linux_for_ibm_z_systems
enterprise_linux_for_power_little_endian
codeready_linux_builder_for_arm64
codeready_linux_builder_for_power_little_endian
enterprise_linux_for_arm_64
codeready_linux_builder_for_ibm_z_systems
codeready_linux_builder

shadow-maint

shadow-utils

CWE

CWE-303

Incorrect Implementation of Authentication Algorithm

CWE-287

Improper Authentication

4.7 /10