ASB-2011.0117.2 - UPDATE [Win][UNIX/Linux] Splunk prior to 4.2.5: Multiple vulnerabilities

Date: 04 January 2012


===========================================================================
                         AUSCERT Security Bulletin

                              ASB-2011.0117.2
           Three vulnerabilities have been fixed in Splunk 4.2.5
                              4 January 2012

===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Splunk prior to 4.2.5
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Execute Arbitrary Code/Commands -- Remote with User Interaction
                      Cross-site Scripting            -- Remote with User Interaction
                      Access Privileged Data          -- Existing Account            
Resolution:           Patch/Upgrade
CVE Names:            CVE-2011-4778 CVE-2011-4643 CVE-2011-4642
Member content until: Saturday, January 14 2012

Revision History:     January   4 2012: Added additional vulnerability and CVE numbers
                      December 15 2011: Initial Release

OVERVIEW

        Three vulnerabilities have been identified in Splunk prior to
        version 4.2.5. [1]


IMPACT

        Splunk has provided the following information on the vulnerabilities:
        
        CVE-2011-4778 "A reflected cross-site scripting vulnerability was identified in
        Splunk Web. An attacker could trick a user into clicking a specially
        crafted link that would disclose a valid Splunk session key to the
        attacker."[1]
        
        CVE-2011-4642 "A remote code execution vulnerability was identified in Splunk Web.
        An attacker could trick a Splunk admin into visiting a malicious web
        page or clicking on a specially crafted link which would result in
        arbitrary code execution on the Splunk server. By default, non-admin
        Splunk users are not susceptible to this vulnerability."[1]
        
        CVE-2011-4643 "A directory traversal vulnerability was identified in Splunk Web and
        the Splunkd HTTP Server. A normal Splunk user could exploit this
        information to read sensitive information from the Splunk server." [1]


MITIGATION

        Splunk has released version 4.2.5 to correct these issues. [1]


REFERENCES

        [1] Splunk 4.2.5 addresses three vulnerabilities
            http://www.splunk.com/view/SP-CAAAGMM

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================