curl authentication bypass vulnerability (CVE-2023-27535): upgrade record

1. Vulnerability description

curl versions 7.13.0 through 7.88.1 contain an authentication bypass vulnerability. libcurl reuses a previously created FTP connection even when one or more parameters have been changed that could make the effective user different, so the second transfer is carried out with the wrong credentials.

Affected range: curl 7.13.0 - 7.88.1
Version on site: 7.29
Official site: http://curl.haxx.se/download/
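
An added example (not part of the original post) that turns the affected range above into a check: it parses the first line of `curl --version` and reports whether the installed version falls within 7.13.0 - 7.88.1. The version strings used in the comments are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: decide whether an installed curl
# falls in the CVE-2023-27535 affected range 7.13.0 - 7.88.1, judging by the
# first line of `curl --version` (e.g. "curl 7.29.0 (x86_64-redhat-linux-gnu) ...").

# Turn "7.29.0" into one comparable integer: major*1000000 + minor*1000 + patch.
ver_num() {
    set -- $(printf '%s' "$1" | tr '.' ' ')
    echo $(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
}

# Extract the version number from a `curl --version` first line.
curl_version_of() {
    printf '%s\n' "$1" | sed -n 's/^curl \([0-9][0-9.]*\).*/\1/p'
}

# Exit status 0 (true) when the version lies within [7.13.0, 7.88.1].
is_affected() {
    v=$(ver_num "$1")
    lo=$(ver_num 7.13.0)
    hi=$(ver_num 7.88.1)
    [ "$v" -ge "$lo" ] && [ "$v" -le "$hi" ]
}

# Check whichever curl is first on PATH (after the upgrade this is what matters):
# returns 1 if affected, 0 if not, 2 if no curl was found.
check_curl_on_path() {
    command -v curl >/dev/null 2>&1 || return 2
    line=$(curl --version 2>/dev/null | head -n 1)
    v=$(curl_version_of "$line")
    if is_affected "$v"; then
        echo "curl $v is in the affected range (7.13.0 - 7.88.1)"
        return 1
    fi
    echo "curl $v is not in the affected range"
    return 0
}
```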

2. Remediation

curl --version   # check the installed version
curl 7.29.0 (x86_64-redhat-linux-gnu) libcurl/7.29.0 NSS/3.34 zlib/1.2.7 libidn/1.28 libssh2/1.4.3
Protocols: dict file ftp ftps gopher http https imap imaps ldap ldaps pop3 pop3s rtsp scp sftp smtp smtps telnet tftp 
Features: AsynchDNS GSS-Negotiate IDN IPv6 Largefile NTLM NTLM_WB SSL libz unix-sockets 

ll /bin/curl 
-rwxr-xr-x. 1 root root 156736 Apr 13  2018 /bin/curl
gcc -v   # check the compiler available for the build
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/opt/rh/devtoolset-9/root/usr/libexec/gcc/x86_64-redhat-linux/9/lto-wrapper
Target: x86_64-redhat-linux
Configured with: ../configure --enable-bootstrap --enable-languages=c,c++,fortran,lto --prefix=/opt/rh/devtoolset-9/root/usr --mandir=/opt/rh/devtoolset-9/root/usr/share/man --infodir=/opt/rh/devtoolset-9/root/usr/share/info --with-bugurl=http://bugzilla.redhat.com/bugzilla --enable-shared --enable-threads=posix --enable-checking=release --enable-multilib --with-system-zlib --enable-__cxa_atexit --disable-libunwind-exceptions --enable-gnu-unique-object --enable-linker-build-id --with-gcc-major-version-only --with-linker-hash-style=gnu --with-default-libstdcxx-abi=gcc4-compatible --enable-plugin --enable-initfini-array --with-isl=/builddir/build/BUILD/gcc-9.3.1-20200408/obj-x86_64-redhat-linux/isl-install --disable-libmpx --enable-gnu-indirect-function --with-tune=generic --with-arch_32=x86-64 --build=x86_64-redhat-linux
Thread model: posix
gcc version 9.3.1 20200408 (Red Hat 9.3.1-2) (GCC) 

# Configure the yum repository
mkdir /etc/yum.repos.d/back/
mv /etc/yum.repos.d/CentOS-Base.repo /etc/yum.repos.d/back/
wget -O /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repo
# Users who are not on Alibaba Cloud ECS will see "Couldn't resolve host 'mirrors.cloud.aliyuncs.com'"; it does not affect use
sed -i -e '/mirrors.cloud.aliyuncs.com/d' -e '/mirrors.aliyuncs.com/d' /etc/yum.repos.d/CentOS-Base.repo
yum makecache

# Download the source
wget https://curl.haxx.se/download/curl-8.2.1.tar.gz --no-check-certificate
tar -xzf curl-8.2.1.tar.gz
yum update nss nss-util nss-sysinit nss-tools
yum -y install centos-release-scl
yum -y install devtoolset-9-gcc devtoolset-9-gcc-c++ devtoolset-9-binutils
scl enable devtoolset-9 bash   # opens a new shell with gcc 9 on PATH; in a non-interactive script use: source /opt/rh/devtoolset-9/enable
echo "source /opt/rh/devtoolset-9/enable" >>/etc/profile

# Build and install into a separate prefix. The original record omits the configure
# step; the prefix below is inferred from the PATH line that follows, and the TLS
# backend is an assumption: curl 8.x configure refuses to run unless one is chosen
# (--with-openssl needs openssl-devel; --without-ssl builds without HTTPS support).
cd curl-8.2.1
./configure --prefix=/usr/local/curl-8.2.1 --with-openssl
make
make install

# Put the new build ahead of /bin/curl (7.29) on PATH; appending it would leave the old binary first
export PATH=/usr/local/curl-8.2.1/bin:$PATH

# Verify that the curl now found on PATH reports 8.2.1
curl --version

Reposted from blog.csdn.net/ximenjianxue/article/details/132177243