===========================================================================
                   AUSCERT Security Bulletin ASB-2017.0200
                 SAML Vulnerabilities in Splunk Enterprise
                              16 November 2017
===========================================================================

        AusCERT Security Bulletin Summary
        ---------------------------------

Product:            Splunk Enterprise
Operating System:   Windows
                    UNIX variants (UNIX, Linux, OSX)
Impact/Access:      Access Privileged Data -- Remote/Unauthenticated
Resolution:         Patch/Upgrade

Member content until: Saturday, December 16 2017

OVERVIEW

        Multiple SAML-related vulnerabilities have been identified in
        Splunk Enterprise prior to versions 7.0.0.1, 6.6.4, 6.4.9 and
        6.3.12. [1]

IMPACT

        Splunk has provided the following details regarding the
        vulnerabilities:

        "Splunk Enterprise versions 7.0.x before 7.0.0.1, 6.6.x before
        6.6.4, 6.5.x before 6.5.6, 6.4.x before 6.4.9, 6.3.x before
        6.3.12 are vulnerable to multiple SAML vulnerabilities. The most
        severe of these vulnerabilities can permit an unauthenticated
        attacker access to a SAML-enabled Splunk Web or permit an
        authenticated user to impersonate another user or role." [1]

MITIGATION

        Splunk recommends upgrading to the latest versions to address
        these vulnerabilities. [1]

REFERENCES

        [1] Splunk Enterprise 7.0.0.1, 6.6.4, 6.5.6, 6.4.9 and 6.3.12
            address multiple SAML vulnerabilities
            https://www.splunk.com/view/SP-CAAAP3K

AusCERT has made every effort to ensure that the information contained in
this document is accurate. However, the decision to use the information
described is the responsibility of each user or organisation. The decision
to follow or act on information or advice contained in this security
bulletin is the responsibility of each user or organisation, and should be
considered in accordance with your organisation's site policies and
procedures.
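The affected ranges above span five release branches with different fixed versions, which is easy to get wrong when triaging an inventory by hand. The following script, an added example rather than part of the AusCERT bulletin or of Splunk's advisory, encodes the fixed versions quoted in the IMPACT section and classifies installed versions as affected, fixed or unknown (a branch the bulletin does not mention); the hostnames and versions in the sample inventory are constructed.

```python
"""Classify Splunk Enterprise versions against the SAML fixes in ASB-2017.0200."""

# Fixed version per release branch, as quoted in the bulletin. A release on a
# listed branch that sorts below its fixed version is affected. Branches the
# bulletin does not mention are reported as "unknown", not "fixed".
FIXED_VERSIONS = {
    (7, 0): (7, 0, 0, 1),
    (6, 6): (6, 6, 4),
    (6, 5): (6, 5, 6),
    (6, 4): (6, 4, 9),
    (6, 3): (6, 3, 12),
}


def parse_version(text: str) -> tuple:
    """Turn '6.6.3' or '7.0.0.1' into a tuple of ints for ordered comparison."""
    parts = text.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts):
        raise ValueError(f"malformed Splunk version string: {text!r}")
    return tuple(int(p) for p in parts)


def saml_status(version: str) -> str:
    """Return 'affected', 'fixed' or 'unknown' for one Splunk Enterprise version."""
    v = parse_version(version)
    fixed = FIXED_VERSIONS.get(v[:2])
    if fixed is None:
        return "unknown"
    # Tuple comparison handles the four-part fix: (7, 0, 0) < (7, 0, 0, 1).
    return "affected" if v < fixed else "fixed"


def hosts_needing_upgrade(inventory: dict) -> list:
    """Given {hostname: version}, return the hosts the bulletin says to patch."""
    return sorted(h for h, ver in inventory.items() if saml_status(ver) == "affected")


# Constructed sample inventory (hostnames and versions are not from the bulletin).
SAMPLE_INVENTORY = {
    "search-head-01": "6.6.3",
    "indexer-01": "7.0.0",
    "indexer-02": "7.0.0.1",
    "deployment-srv": "6.5.6",
    "legacy-dev": "6.2.2",
}

if __name__ == "__main__":
    for host, ver in SAMPLE_INVENTORY.items():
        print(f"{host:16} {ver:10} {saml_status(ver)}")
    print("needs upgrade:", hosts_needing_upgrade(SAMPLE_INVENTORY))
```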
AusCERT takes no responsibility for consequences which may arise from
following or acting on information or advice contained in this security
bulletin.

===========================================================================
Australian Computer Emergency Response Team
The University of Queensland
Brisbane
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
===========================================================================