SAINT Corporation, SAINT:61F84A557A8BEE866EC6143976531646
Jan 13, 2012 - 12:00 a.m.

Splunk Search Jobs Remote Code Execution

2012-01-13 00:00:00
SAINT Corporation
www.saintcorporation.com
EPSS: 0.018 (Low), percentile 88.4%

Added: 01/13/2012
CVE: CVE-2011-4642
BID: 51061
OSVDB: 77695

Background

Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud.

Problem

Splunk allows users to perform search actions via HTTP requests without properly verifying the validity of those requests. This can be exploited to execute arbitrary commands or code when a logged-in administrator visits a specially crafted web page.

Resolution

Upgrade to Splunk 4.2.5 or later.

References

<http://www.sec-1.com/blog/?p=233>
<http://www.exploit-db.com/exploits/18245/>
<http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf>

Limitations

This exploit has been tested against Splunk 4.2.4 build 110225 on Windows XP SP3 and Ubuntu 10.04 Linux.

Platforms

Windows
Linux
Mac OS X
