Splunk Search Jobs Remote Code Execution
Added: 01/13/2012
CVE: CVE-2011-4642
BID: 51061
OSVDB: 77695
Background
Splunk collects, indexes and harnesses the massive volumes of valuable machine data generated by your complex IT infrastructure, whether physical, virtual or in the cloud.
Problem
Splunk allows users to perform search actions via HTTP requests without performing proper validity checks to verify the requests. This can be exploited to execute arbitrary commands or code when a logged-in administrator visits a specially crafted web page.
Resolution
Upgrade to Splunk 4.2.5 or later.
References
http://www.sec-1.com/blog/?p=233
http://www.exploit-db.com/exploits/18245/
http://www.sec-1.com/blog/wp-content/uploads/2011/12/Attacking_Splunk_Release.pdf
Limitations
This exploit has been tested against Splunk 4.2.4 build 110225 on Windows XP SP3 and Ubuntu 10.04 Linux.
Platforms
Windows
Linux
Mac OS X