SAINT Corporation (saint)
SAINT:AC72F332FE3B9CF6E0F6E244AAFFAD9F
Jan 13, 2012 - 12:00 a.m.

Splunk Search Jobs Remote Code Execution

2012-01-13 00:00:00
SAINT Corporation
my.saintcorporation.com

CVSS2: 4.6 Medium (AV:N/AC:H/Au:S/C:P/I:P/A:P)

Attack Vector: NETWORK
Attack Complexity: HIGH
Authentication: SINGLE
Confidentiality Impact: PARTIAL
Integrity Impact: PARTIAL
Availability Impact: PARTIAL

EPSS: 0.018 Low
Percentile: 88.4%

Added: 01/13/2012
CVE: CVE-2011-4642
BID: 51061
OSVDB: 77695

Background

Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud.

Problem

Splunk allows users to perform search actions via HTTP requests without properly checking that the requests are valid. This can be exploited to execute arbitrary commands or code when a logged-in administrator visits a specially crafted web page.

Resolution

Upgrade to Splunk 4.2.5 or later.

References

<http://www.sec-1.com/blog/?p=233>
<http://www.exploit-db.com/exploits/18245/>
<http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf>

Limitations

This exploit has been tested against Splunk 4.2.4 build 110225 on Windows XP SP3 and Ubuntu 10.04 Linux.

Platforms

Windows
Linux
Mac OS X
