-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

===========================================================================
             AUSCERT Security Bulletin ASB-2014.0076
   A number of vulnerabilities have been identified in Splunk Enterprise
                              15 July 2014
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:              Splunk Enterprise
Operating System:     UNIX variants (UNIX, Linux, OSX)
                      Windows
Impact/Access:        Unauthorised Access            -- Remote with User Interaction
                      Provide Misleading Information -- Remote with User Interaction
Resolution:           Patch/Upgrade
CVE Names:            CVE-2014-3470 CVE-2014-0224
Member content until: Thursday, August 14 2014
Reference:            ESB-2014.0887

OVERVIEW

        A number of vulnerabilities have been identified in Splunk Enterprise
        prior to versions 6.1.2, 6.0.5, and 5.0.9. [1]

IMPACT

        The vendor has provided the following details regarding these issues:

        "OpenSSL susceptible to man-in-the-middle via CCS Injection
        (SPL-85063, CVE-2014-0224)

        Description: OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1
        before 1.0.1h does not properly restrict processing of
        ChangeCipherSpec messages, which allows man-in-the-middle attackers
        to trigger use of a zero-length master key in certain
        OpenSSL-to-OpenSSL communications, and consequently hijack sessions
        or obtain sensitive information, via a crafted TLS handshake, aka
        the "CCS Injection" vulnerability." [1]

        "OpenSSL anonymous ECDH cipher suite contains weakness
        (SPL-85063, CVE-2014-3470)

        Description: The ssl3_send_client_key_exchange function in s3_clnt.c
        in OpenSSL before 0.9.8za, 1.0.0 before 1.0.0m, and 1.0.1 before
        1.0.1h, when an anonymous ECDH cipher suite is used, allows remote
        attackers to cause a denial of service (NULL pointer dereference and
        client crash) by triggering a NULL certificate value." [1]

MITIGATION

        It is recommended that users update to the latest version of Splunk
        Enterprise to correct these issues. [1]
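The bulletin gives two sets of version thresholds: the Splunk Enterprise releases that carry the fix (6.1.2, 6.0.5, 5.0.9) and the OpenSSL releases quoted from the vendor text (0.9.8za, 1.0.0m, 1.0.1h). The script below is an added example, not AusCERT's or Splunk's code, that turns those thresholds into an inventory check a defender can run over their own host list. The thresholds are copied from the bulletin; the hostnames and the pairing of Splunk and OpenSSL versions in SAMPLE_INVENTORY are constructed, the input format assumed for OpenSSL is a line as printed by `openssl version`, and which OpenSSL binary a given Splunk deployment actually links against is something the operator must confirm for their own installation. Branches the bulletin does not mention (6.2, 4.x, OpenSSL 1.0.2 betas) are reported as "not covered" rather than assumed fixed.

```python
"""Version triage against the ranges named in AusCERT ASB-2014.0076.

Added example, not AusCERT's or Splunk's code.  The fixed-version thresholds
are copied from the bulletin text; the inventory records at the bottom are
constructed samples.
"""
import re
from typing import List, Optional, Tuple

# OpenSSL releases that fix CVE-2014-0224 / CVE-2014-3470, keyed by branch,
# taken from the vendor text quoted in the bulletin.  On each branch, any
# release with a lower letter suffix is affected.
OPENSSL_FIXED = {
    (0, 9, 8): "za",
    (1, 0, 0): "m",
    (1, 0, 1): "h",
}

# Splunk Enterprise releases that address the issues, keyed by maintenance branch.
SPLUNK_FIXED = {
    (6, 1): (6, 1, 2),
    (6, 0): (6, 0, 5),
    (5, 0): (5, 0, 9),
}

# Matches the leading part of an "openssl version" line, e.g. "OpenSSL 1.0.1g 7 Apr 2014".
_OPENSSL_RE = re.compile(r"OpenSSL\s+(\d+)\.(\d+)\.(\d+)([a-z]*)")


def parse_openssl_version(text: str) -> Optional[Tuple[Tuple[int, int, int], str]]:
    """Pull (base, letter_suffix) out of an 'openssl version' line,
    e.g. 'OpenSSL 1.0.1g 7 Apr 2014' -> ((1, 0, 1), 'g').  None if absent."""
    m = _OPENSSL_RE.search(text)
    if not m:
        return None
    return (int(m.group(1)), int(m.group(2)), int(m.group(3))), m.group(4)


def _suffix_key(suffix: str) -> Tuple[int, str]:
    # OpenSSL patch letters order a < b < ... < z < za < zb, so the length
    # of the suffix is compared before its letters.
    return (len(suffix), suffix)


def openssl_status(text: str) -> str:
    """'vulnerable', 'fixed', 'not covered' or 'unparseable' for one version line."""
    parsed = parse_openssl_version(text)
    if parsed is None:
        return "unparseable"
    base, suffix = parsed
    if base < (0, 9, 8):
        # "OpenSSL before 0.9.8za" also covers every older branch.
        return "vulnerable"
    fixed_suffix = OPENSSL_FIXED.get(base)
    if fixed_suffix is None:
        # e.g. 1.0.2 betas or anything newer: the bulletin says nothing about
        # it, so it is reported for manual review rather than assumed fixed.
        return "not covered"
    return "vulnerable" if _suffix_key(suffix) < _suffix_key(fixed_suffix) else "fixed"


def splunk_status(version: str) -> str:
    """'vulnerable', 'fixed', 'not covered' or 'unparseable' for a Splunk version string."""
    try:
        parts = tuple(int(p) for p in version.strip().split("."))
    except ValueError:
        return "unparseable"
    fixed = SPLUNK_FIXED.get(parts[:2])
    if fixed is None:
        # Branches the bulletin does not list (e.g. 6.2 or 4.x) are flagged for review.
        return "not covered"
    return "vulnerable" if parts < fixed else "fixed"


def triage(inventory: List[Tuple[str, str, str]]) -> List[Tuple[str, str, str, bool]]:
    """For each (host, splunk_version, openssl_version_line) return
    (host, splunk_status, openssl_status, upgrade_required)."""
    results = []
    for host, splunk_ver, openssl_line in inventory:
        s_status = splunk_status(splunk_ver)
        o_status = openssl_status(openssl_line)
        results.append((host, s_status, o_status, "vulnerable" in (s_status, o_status)))
    return results


# Constructed sample inventory (hostnames and version pairings are made up).
SAMPLE_INVENTORY = [
    ("search-head-1", "6.1.1", "OpenSSL 1.0.1g 7 Apr 2014"),
    ("indexer-1", "6.0.5", "OpenSSL 1.0.1h 5 Jun 2014"),
    ("legacy-fwd", "5.0.8", "OpenSSL 0.9.8y 5 Feb 2013"),
    ("lab-box", "6.2.0", "OpenSSL 1.0.2-beta1 24 Feb 2014"),
]

if __name__ == "__main__":
    for host, s, o, action in triage(SAMPLE_INVENTORY):
        print(f"{host:14} splunk={s:12} openssl={o:12} upgrade_required={action}")
```

The suffix comparison is the part worth noting: OpenSSL's patch letters run a through z and then za, zb, so a plain string comparison would wrongly rank 0.9.8y above 0.9.8za; comparing suffix length first gives the order the bulletin's "before 0.9.8za" relies on.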
REFERENCES

        [1] Splunk Enterprise 6.1.2, 6.0.5 and 5.0.9 address two vulnerabilities
            http://www.splunk.com/view/SP-CAAAM2D

AusCERT has made every effort to ensure that the information contained in this
document is accurate. However, the decision to use the information described is
the responsibility of each user or organisation. The decision to follow or act on
information or advice contained in this security bulletin is the responsibility
of each user or organisation, and should be considered in accordance with your
organisation's site policies and procedures.

AusCERT takes no responsibility for consequences which may arise from following
or acting on information or advice contained in this security bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================
-----BEGIN PGP SIGNATURE-----
Comment: http://www.auscert.org.au/render.html?it=1967

iQIVAwUBU8S+VxLndAQH1ShLAQJ+QA/9GKtkkDWlHycyGthY9KZ8EX+MQXh96u2w
qvt32pQWQjX8xuIPKgaGetXrAMFKP9kFJyjS36UqkEztPSUcXqAIzOFN/MH71H0D
j+RaDHVYvIUfjQVSx80RCpwCpBlIyoDU5DueZWO04DZKMvoZyAjXl4tA0MCLuICH
4ckaNGn3cI8uzMQkUXxGnyeX8V30p+tjR05gEkeCfVNwrRQFGICgkYLmV5l73RVd
E0CR825otmL3h1Vyu1yo68SYNJc86YM1rnVH9xF3x4V70ulU73/Rd/hlgMxtAP8P
v6ckbdH3n00KHH901q5IVmepPyROLERrAq8M1aHHxsTgzNKbIDs15nr4B8ElEgap
7bPyCuBbdZnwhUm5PKfUWT+1nRgzHr1NzBmg4hsoSdRKtu3jUdb/1+wEDDEvCXk+
Idkc84/u6QAWXXTQJV90otC3KwkKA9ehCScQ/rR3pLz+mllA+zP10I7FFbZ/OWkz
Y92j3nI9eqWmkkEv/+3h/qGlZx1n4gdrP8sizSnaRY4JJQI0wc+mWpdBqwg43xm2
krYpFH4hRo3HDGmaQhcyPwSTA8cmDuQ36Q5CPv9p1WIyVnj6VE5iZBVqKmC7auvn
f2mjLJzffeMMejBk//8ScDrlh6EhDCiYmz7ZqyNDKv3ZKcPWcg/FpkKZa4TN/0ef
LDFZ/cJC8hQ=
=ccQC
-----END PGP SIGNATURE-----