FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 

High Severity cURL and libcurl CVE-2023-38545

Go to solution
fstekelenburg
DynaMight Pro
DynaMight Pro

‎10 Oct 2023 02:39 PM - last edited on ‎10 Oct 2023 03:11 PM by Community Team

High Severity for Curl en Libcurl CVE-2023-38545 has been brought to our attention. 

Tomorrow news will come out about a high severity vulnerability for cURL and libcur. The advice is to conduct an analysis of where this vulnerability occurs. 

https://www.rezilion.com/blog/cve-2023-38545-a-high-severity-curl-and-libcurl-cve-to-be-published-on...

This has not been posted yet at cve-status.dynatrace.com
Dynatrace CVE status (Common Vulnerabilities and Exposures) - Dynatrace Community

I have opened a Support ticket, as indicated on this page.

Kind regards, Frans Stekelenburg                 Certified Dynatrace Associate | measure.works, Dynatrace Partner
Reply
5 REPLIES 5

Go to solution
AntonioSousa
DynaMight Guru
DynaMight Guru

‎10 Oct 2023 02:54 PM

I have been following this and it seems that it is going to be at least a local execution exploit. You would probably have to be accessing a nasty site, so you then get exploited locally. Let's see what exactly what it is.

In the meantime, it's important to know if you have curl executing somewhere in your stack. Some of the curl executions might make it to the respective PG as below, but given that it normally executes for only a slight period of time, it might nor be automatically detetected by Dynatrace.

AntonioSousa_0-1696945979382.png

 

Antonio Sousa
Reply

Go to solution
fstekelenburg
DynaMight Pro
DynaMight Pro
In response to AntonioSousa

‎10 Oct 2023 03:27 PM

Thanks for the added info @AntonioSousa.

Curl can be found on all Linux boxes where also OneAgents, ActiveGates and Managed Cluster nodes are installed, and regularly utilized as tool in the life of an admin. And of course the Dynatrace admins are very trustworthy people, and will never use dodgy sites, But somehow the Security people are hard to convince 🙂 So I expect that they are persistent in havin the packages updated. I do not think that curl itself is a package that is part of Dynatrace and installed as such, in which case is will be a Linux admin matter.

Kind regards, Frans Stekelenburg                 Certified Dynatrace Associate | measure.works, Dynatrace Partner
0 Kudos
Reply

Go to solution
AntonioSousa
DynaMight Guru
DynaMight Guru
In response to fstekelenburg

‎10 Oct 2023 06:45 PM

@fstekelenburg,

I have checked if OneAgent & ActiveGate in some form use libcurl, but it doesn't seem to be the case. But eventually, some users might have scripts using curl (I have) that access Dynatrace (and other) API endpoints. I don't expect that to be a risk issue when we know about the vulnerability tomorrow, so let's wait  😉

Antonio Sousa
Reply

Go to solution
HannahM
Dynatrace Leader
Dynatrace Leader

‎11 Oct 2023 12:57 PM - edited ‎11 Oct 2023 12:57 PM

Hi all, thank you for your patience. You can find our official response here

Synthetic SME and community advocate.
Reply

Go to solution
AntonioSousa
DynaMight Guru
DynaMight Guru

‎11 Oct 2023 04:26 PM

IMHO, one more risk exaggeration, this time from the curl maintainer. For what I read of the vulnerability:

  1. curl has to be using a SOCKS5 proxy
  2. an attacker has to be able to point curl to a specific server they control
  3. curl is nor vulnerable in its default state, with the typical CURLOPT_BUFFERSIZE value
  4. latency & time replies are also involved

If you have like a public page that uses underlying curl , have changed the CURLOPT_BUFFERSIZE, have a SOCKS5 proxy (do you????), and it is slow, you might have a problem though!

Antonio Sousa
0 Kudos
Reply
Ask a question

Featured Posts