85824 : Splunk Data Preview Functionality Arbitrary File Access
Printer | http://osvdb.org/85824 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
7	289	8 months ago	8 months ago	7 times	100%

This vulnerability has been flagged as being a Myth/Fake.

Timeline

Disclosure Date
2012-09-04

Time to Exploit
39 days

Description

Splunk has been reported to contain a flaw in the data preview functionality. Using this function, a remote authenticated attacker can gain access to all system files including /etc/shadow and other sensitive configuration files. However, this vulnerability not only requires administrative authentication, but only manifests if the installation is done against Splunk's posted guidelines for helping ensure a more secure deployment. The functionality in question is designed to allow access to the underlying operating system with the same privileges as the running process.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Misconfiguration
Impact: Loss of Confidentiality
Solution: Upgrade
Exploit: Exploit Public
Disclosure: Vendor Disputed
OSVDB: Authentication Required, Myth / Fake

Solution

Despite the vendor saying it is not a vulnerability, an upgrade to version 4.3.4 or higher appears to fix this issue. An upgrade is required as there are no known workarounds.

Products

Splunk

4.3.3

References

Security Tracker: 1027476
Exploit Database: 21053
Generic Informational URL: http://docs.splunk.com/Documentation/Splunk/latest/Admin/Hardeningstandards
http://docs.splunk.com/Documentation/Splunk/latest/installation/RunSplunkasadifferentornon-rootuser
Vendor URL: http://www.splunk.com/

Credit

Marcio Almeida

CVSSv2 Score

NVD does not currently have a CVSSv2 score assigned.

Comments

Add Comment Hide Add Comment

No Comments.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.