14 April 2014
===========================================================================
              AUSCERT Security Bulletin ASB-2014.0050
         Two vulnerabilities have been identified in Splunk
                             14 April 2014
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Splunk
Operating System:     Windows
                      UNIX variants (UNIX, Linux, OSX)
Impact/Access:        Access Privileged Data -- Remote/Unauthenticated
                      Denial of Service      -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-0160 CVE-2013-4353
Member content until: Wednesday, May 14 2014
Reference:            ASB-2014.0042
                      ESB-2014.0457
                      ESB-2014.0021

OVERVIEW

        Two vulnerabilities have been identified in Splunk prior to
        version 6.0.3.

IMPACT

        The vendor has provided the following details regarding these
        vulnerabilities:

        "OpenSSL 1.0.1 TLS Heartbeat leaks sensitive information
        (SPL-82696, CVE-2014-0160)

        Description: The (1) TLS and (2) DTLS implementations in OpenSSL
        1.0.1 before 1.0.1g do not properly handle Heartbeat Extension
        packets, which allows remote attackers to obtain sensitive
        information from process memory via crafted packets that trigger a
        buffer over-read, as demonstrated by reading private keys, related
        to d1_both.c and t1_lib.c, aka the Heartbleed bug."

        "Invalid TLS handshake could crash OpenSSL with a NULL pointer
        exception (SPL-78823, CVE-2013-4353)

        Description: The ssl3_take_mac function in ssl/s3_both.c in OpenSSL
        1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of
        service (NULL pointer dereference and application crash) via a
        crafted Next Protocol Negotiation record in a TLS handshake."

MITIGATION

        The vendor recommends updating to the latest version of Splunk to
        correct these issues.
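The affected ranges above, turned into a defender-side version check as an added example (not AusCERT's or Splunk's code): it assumes the Splunk and OpenSSL version strings are collected locally (for instance from `splunk version` and the bundled `openssl version`), and it reads the bulletin's "1.0.1 before X" wording as covering every earlier 1.0.1 letter release.

```python
import re

# Fixed releases as quoted in the bulletin. Assumption: "1.0.1 before X"
# means every 1.0.1 letter release earlier than X is affected.
OPENSSL_FIXED_IN = {
    "CVE-2014-0160": "1.0.1g",  # Heartbleed: TLS/DTLS heartbeat buffer over-read
    "CVE-2013-4353": "1.0.1f",  # ssl3_take_mac NULL dereference via crafted NPN record
}
SPLUNK_FIXED_IN = (6, 0, 3)     # "Splunk prior to version 6.0.3" is affected

_OPENSSL_RE = re.compile(r"\b(\d+)\.(\d+)\.(\d+)([a-z]*)\b")


def parse_openssl_version(text):
    """Turn 'OpenSSL 1.0.1e 11 Feb 2013' (or just '1.0.1e') into a sortable tuple.

    Letter releases sort after the bare release (1.0.1 < 1.0.1a < ... < 1.0.1g),
    which is how OpenSSL 1.0.x patch releases were numbered.
    """
    m = _OPENSSL_RE.search(text)
    if not m:
        raise ValueError("no OpenSSL version found in %r" % text)
    major, minor, fix, letters = m.groups()
    return (int(major), int(minor), int(fix), letters)


def affected_openssl_cves(text):
    """Return the bulletin's CVEs that apply to this OpenSSL version string.

    Returns None when the version is not on the 1.0.1 branch: the bulletin only
    makes statements about 1.0.1, so other branches are not assessed here.
    """
    ver = parse_openssl_version(text)
    if ver[:3] != (1, 0, 1):
        return None
    return sorted(cve for cve, fixed in OPENSSL_FIXED_IN.items()
                  if ver < parse_openssl_version(fixed))


def splunk_needs_upgrade(text):
    """True when a Splunk version string such as '6.0.2 (build ...)' is below 6.0.3."""
    m = re.search(r"\b(\d+)\.(\d+)\.(\d+)\b", text)
    if not m:
        raise ValueError("no Splunk version found in %r" % text)
    return tuple(int(x) for x in m.groups()) < SPLUNK_FIXED_IN


if __name__ == "__main__":
    # Constructed sample strings; the build number is a placeholder, not a real one.
    print(splunk_needs_upgrade("Splunk 6.0.2 (build 196940)"))   # True
    print(affected_openssl_cves("OpenSSL 1.0.1e 11 Feb 2013"))   # ['CVE-2013-4353', 'CVE-2014-0160']
```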
REFERENCES

        Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014
        http://www.splunk.com/view/SP-CAAAMB3

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures. AusCERT takes no responsibility for consequences which may
arise from following or acting on information or advice contained in this
security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: email@example.com
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.