Well, I started the day with an email from Splunk> support about a new release, version 4.1.2. It seems there are several security issues with directory traversal, XSS, and other problems that were discovered and responsibly disclosed by aaron [at] vtty.com. Bravo to him, both for uncovering these, and for working with Splunk> to get these fixed. I’m digging his domain name, but there doesn’t seem to be an active site with it, so no link. Bravo to Splunk> for releasing a patch so quickly and for notifying users. If you are the primary contact, you probably already know about this. But just in case…
If you are using Splunk> 4.x you probably want to upgrade immediately. If you cannot upgrade, there is a patch available, though the recommendation is to upgrade. Splunk> versions in the 3.x train are not affected by these vulnerabilities. You can read more about the issues and download the latest versions or patches here, and if you are using enterprise certificates, you can read about steps to preserve them here. Running the upgrade is quick and painless, can be done in place, and does not even require a restart, but it will overwrite your CA-issued certificates with self-signed ones. Replacing them with your CA-issued certs will require a restart of Splunk> Web.
I’m pretty sure in this video clip from Criminal Minds that Garcia says "I’m still spelunking for," but it’s certainly plausible that an uber-hacker like her would use Splunk> to parse logs, and it’s much better than watching someone ssh to 305.14.20.99!
Direct link for RSS and email subscribers… http://www.youtube.com/watch?v=lenHQeEprLs