Blog Guide Continuation: Hands-On Practice with Computer Safety!

Patch Process for CVE-2023-38545 - A Step-by-Step Guide

1. Understanding the Patch Process

In this guide, we will cover the patch process for the CVE-2023-38545 vulnerability, focusing on `curl` version updates and security enhancements.

2. Verifying Installed curl Version

For Windows:

Step 1: Open Command Prompt.
Command: curl -V
Outcome: Identify if the installed version of curl falls within the vulnerable range (7.69.0 to 8.3.0).

For Ubuntu Linux:

Step 1: Open Terminal.
Command: curl -V
Outcome: Check if the version is 7.81.0.

3. Download and Install the Updated curl

For Windows:

Step 1: Go to the curl for Windows download page.
https://curl.se/windows/

Step 2: Choose the appropriate system architecture (32-bit or 64-bit).

Step 3: Download and unzip the latest version of curl.

Step 4: Move the unzipped folder to C:\Program Files.

Step 5: Update the system's PATH environment variable.

1. Open "Edit System Environment Variables."
2. Add the path to the new curl folder in the bin directory above the existing C:\windows\system32.
3. Confirm changes and close all dialogs.

For Ubuntu Linux:

Step 1: Download the latest source package for curl.
Command: wget https://launchpad.net/ubuntu/+archive/primary/+sourcefiles/curl/7.81.0-1/curl_7.81.0.orig.tar.gz

Step 2: Unzip the package.
Command: tar -zxvf curl_7.81.0.orig.tar.gz

Step 3: Apply the patch.
Command: curl https://raw.githubusercontent.com/DanielNoah/pentesting_DevSecOps/master/curlPatch/CVE-2023-38545_7.81.0.patch | git apply -v

Step 4: Verify that the patch has been applied by running a test command.
Command: curl -v --limit-rate 16384 --location --proxy socks5h://socks-server:1080 http://attacker-ip:8000
Outcome: Ensure the command does not execute as expected.

4. Testing and Verifying the New curl Version

For Windows:

Step 1: Open Command Prompt.
Command: curl -V
Outcome: Confirm the version displayed is the newly installed one.

For Ubuntu Linux:

Step 1: Run the curl -V command in the terminal.
Outcome: Confirm that the output shows the newly patched version.
Result: As same as the STEP 4 process for Ubuntu Linux.

5. Applying the Patch in Docker Containers

Docker Scout:

Step 1: Use Docker Scout to analyze and evaluate local Docker images.
Command: docker login and then docker scout repo enable --org <org-name> <org-name>/scout-demo
Outcome: Determine if any Docker images are using the vulnerable curl version.

Secure curl Docker Image:

Step 2: Download a secure curl Docker image.
Command: sudo docker pull curlimages/curl:8.4.0

Step 3: Run the new image and verify the version.
Command: sudo docker run --rm curlimages/curl:8.4.0 --version
Outcome: Confirm that Docker containers are now using the patched curl version.

6. Final Verification

Step 1: Run a final series of tests on both the OS and Docker containers to ensure that the system is no longer vulnerable.
Step 2: Document the process, save the new configurations, and ensure all systems are updated regularly.