Protect yourself against future threats.
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
===========================================================================
AUSCERT Security Bulletin
ASB-2014.0050
Two vulnerabilities have been identified in Splunk
14 April 2014
===========================================================================
AusCERT Security Bulletin Summary
---------------------------------
Product: Splunk
Operating System: Windows
UNIX variants (UNIX, Linux, OSX)
Impact/Access: Access Privileged Data -- Remote/Unauthenticated
Denial of Service -- Remote/Unauthenticated
Resolution: Patch/Upgrade
CVE Names: CVE-2014-0160 CVE-2013-4353
Member content until: Wednesday, May 14 2014
Reference: ASB-2014.0042
ESB-2014.0457
ESB-2014.0021
OVERVIEW
Two vulnerabilities have been identified in Splunk prior to
version 6.0.3. [1]
IMPACT
The vendor has provided the following details regarding these
vulnerabilities:
"OpenSSL 1.0.1 TLS Heartbeat leaks sensitive information (SPL-82696,
CVE-2014-0160)
Description: The (1) TLS and (2) DTLS implementations in OpenSSL 1.0.1
before 1.0.1g do not properly handle Heartbeat Extension packets,
which allows remote attackers to obtain sensitive information from
process memory via crafted packets that trigger a buffer over-read,
as demonstrated by reading private keys, related to d1_both.c and
t1_lib.c, aka the Heartbleed bug. " [1]
"Invalid TLS handshake could crash OpenSSL with a NULL pointer
exception (SPL-78823, CVE-2013-4353)
Description: The ssl3_take_mac function in ssl/s3_both.c in OpenSSL
1.0.1 before 1.0.1f allows remote TLS servers to cause a denial of
service (NULL pointer dereference and application crash) via a crafted
Next Protocol Negotiation record in a TLS handshake. " [1]
MITIGATION
The vendor recommends updating to the latest version of Splunk to
correct these issues. [1]
REFERENCES
[1] Splunk 6.0.3 addresses two vulnerabilities - April 10, 2014
http://www.splunk.com/view/SP-CAAAMB3
AusCERT has made every effort to ensure that the information contained
in this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.
===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072
Internet Email: auscert@auscert.org.au
Facsimile: (07) 3365 7031
Telephone: (07) 3365 4417 (International: +61 7 3365 4417)
AusCERT personnel answer during Queensland business hours
which are GMT+10:00 (AEST).
On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967
iQIVAwUBU0tGuBLndAQH1ShLAQJEFw//RIQTtuCdMBvwX/e4UsQRsCkCYNJvC34N
gBJ34z+mAhX9dgbUiODlgmPEPxp7Xtpf0idcko6l11hFvRt1Sfhe6v35HCVZqR/U
W0zVnyyO1bB7XczAfK2QWRoSep2M4D5LYn5zYQnVZtnyNI2+nQfNSlgFTF3R/tQA
2+9jTacQ4i8I7c5hUV32wGA14BMqnEkWSvVz/IuSmk4G9acD0KoD+awb5oZDVTeN
Tz1Qd2v+/YtEN9RNTw/IdwnbAJBx4yGqZfo83ofK5Vu0qnkplYRXJjuIXVHmW78s
6jh3GHHVtiU937InvmxuRZe4w/YXuFSf173jIPogTHz/rkCGCj3R6Uv8Kv7hBfa7
YSs5KcM0Rw1blK0Xa2jPWH01yN+y8tW5YfNnZ9OJ7/x4EdF+ILFzYe+N85ZgjApu
XdFy/R4IJV4SE9zkR75rPk2oAN8Ipq44ud8Fz5rxMzis2vstNOboPR2nPQnCV56F
WniXLxD3tBEBM0I5+AtKzs7Pqz773C+beZM9DFyHkDaGwqmERu9yIyiix2YMbpvK
nZWXVRZiycBKew8g1ZfRvhMFT+g3Tj6Zw5xUH1o+bSuM8irb/+WGIa1Ar4JuCrcH
GrR7E99JVFVPl0OPQYHab4qGMPWZMSVk3uE1u4+7MUTS4xQOxfRJK6BzfmS7Xh6l
8L+9coXhwLg=
=uIgr
-----END PGP SIGNATURE-----