About CVE-2023-27536 – Amazon provides alert on “libcurl” design weakness (23rd Apr 2023)

Preface: cURL command is an important Linux tool, commonly used for data transfer and connection troubleshooting.

Background: EC2 Instance – Amazon Elastic Compute Cloud (Amazon EC2) provides scalable computing capacity in the Amazon Web Services (AWS) Cloud. Using Amazon EC2 eliminates your need to invest in hardware up-front so that you can develop and deploy applications faster.
Best Practices for Building AMI:
Check port settings as follows:

  • Linux-based AMIs – Ensure that a valid SSH port is open. The default SSH port is 22.
  • Windows-based AMIs – Ensure that an RDP port is open. The default RDP port is 3389. Also, the WinRM port (5985 by default) must be open to
    Ensure that your AMI meets all AWS Marketplace policies, including disabling root login.

Vulnerability details: An authentication bypass vulnerability exists libcurl <8.0.0 in the connection reuse feature which can reuse previously established connections with incorrect user permissions due to a failure to check for changes in the CURLOPT_GSSAPI_DELEGATION option. This vulnerability affects krb5/kerberos/negotiate/GSSAPI transfers and could potentially result in unauthorized access to sensitive information. The safest option is to not reuse connections if the CURLOPT_GSSAPI_DELEGATION option has been changed.

Official details: For details, please refer to the link – https://nvd.nist.gov/vuln/detail/CVE-2023-27536

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.