Added: 01/13/2012
CVE: CVE-2011-4642
BID: 51061
OSVDB: 77695
Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud.
Splunk allows users to perform search actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to execute arbitrary command/code when a logged-in administrator visits a specially crafted web page.
Upgrade to Splunk 4.2.5 or later.
<http://www.sec-1.com/blog/?p=233>
<http://www.exploit-db.com/exploits/18245/>
<http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf>
This exploit has been tested against Splunk 4.2.4 build 110225 on Windows XP SP3 and Ubuntu 10.04 Linux.
Windows
Linux
Mac OS X