all InfoSec news logo
all InfoSec news - Your InfoSec news aggregator
Log in Sign up
all InfoSec news

CVE-2023-29383: Abusing Linux chfn to Misrepresent /etc/passwd

Add to bookmarks
April 13, 2023, midnight |

SpiderLabs Blog from Trustwave www.trustwave.com

Two years ago, I picked out chfn as a candidate to be reviewed for security bugs. Why chfn I hear you ask? (Thanks for asking.) It is one of a small number of Set owner User ID (SUID) programs loaded with Linux which means it runs with the permissions of the ‘root’ user regardless of the user who executes it, for it needs to modify the /etc/passwd file to do its job.

abusing asking bugs cve etc job linux permissions root security

Visit resource

More from www.trustwave.com / SpiderLabs Blog from Trustwave

The Invisible Battleground: Essentials of EASM 1 day, 5 hours ago | www.trustwave.com
attack attack surface attack surface management cyber +13
EDR – The Multi-Tool of Security Defenses 1 day, 5 hours ago | www.trustwave.com
blog blog posts can cybersecurity +10
Fake Dialog Boxes to Make Malware More Convincing 6 days, 5 hours ago | www.trustwave.com
dialog engagement fake loader +7
The Secret Cipher: Modern Data Loss Prevention Solutions 1 week, 1 day ago | www.trustwave.com
automated can cipher data +18
CVE-2024-3400: PAN-OS Command Injection Vulnerability in GlobalProtect Gateway 1 week, 3 days ago | www.trustwave.com
alto arbitrary code attacker code +25
CNAPP, CSPM, CIEM, CWPP – Oh My! 2 weeks, 1 day ago | www.trustwave.com
alphabet ciem cnapp cspm +9
Phishing Deception - Suspended Domains Reveal Malicious Payload for Latin American Region 2 weeks, 4 days ago | www.trustwave.com
american attachment campaign deception +12
Zero Trust Essentials 3 weeks, 1 day ago | www.trustwave.com
blog blog posts can cybersecurity +8
Why We Should Probably Stop Visually Verifying Checksums 3 weeks, 6 days ago | www.trustwave.com
checksums hello start thanks +2

Jobs in InfoSec / Cybersecurity

Post a job on infosec-jobs.com Find talent on infosec-jobs.com

SOC 2 Manager, Audit and Certification

@ Deloitte | US and CA Multiple Locations
View on infosec-jobs.com

Security Engineer II, Offensive Security Penetration Testing

@ Amazon.com | US, TX, Virtual Location - Texas
View on infosec-jobs.com

Cybersecurity Specialist (Security Engineering)

@ Triton AI Pte Ltd | Singapore, Singapore, Singapore
View on infosec-jobs.com

Information Systems Security Officer (ISSO)

@ ARA | Arlington, Virginia, United States
View on infosec-jobs.com

Lead - IT Risk compliance & Info Security

@ First Advantage | Bengaluru-560042, Karnataka
View on infosec-jobs.com

Embedded VSOC Analyst

@ Sibylline Ltd | Australia, Australia
View on infosec-jobs.com
View more jobs