Splunk 5.0 updates to python 2.7.3, addressing two vulnerabilities

Overview

Splunk 5.0, which was released on October 30th, 2012, updates to python version 2.7.3 in order to address the vulnerabilities described in CVE-2012-0876 (cve.mitre.org) .

Credit

Splunk would like to credit Tommie Giles with reporting that Splunk was vulnerable to CVE-2012-0876.

Splunk also would like to credit Alexander Klink of n.runs AG with reporting to us that Splunk was vulnerable to CVE-2012-1150.

What is Python?

Python is an interpreted, object-oriented, high-level programming language.

How does Splunk use Python?

Splunk ships with a python interpreter that it uses for several web and application services.

Who is affected?

This notification applies to you if you are using any version of Splunk (2.x, 3.x, or 4.x) prior to version 5.0. Previous versions of Splunk utilized versions of the python interpreter that were vulnerable to these issues.

What should I do if I am affected?

Splunk recommends that customers upgrade to version 5.0 at their first opportunity.

What else can I do to help remediate this issue?

Splunk recommends that customers implement as many aspects of the Splunk Hardening Standards as possible to reduce risk.

Is Splunk aware of any exploits of Splunk related to CVE-2012-1150 or CVE-2012-0876?

At the time of this announcement, Splunk is not aware of any exploits for vulnerabilities related to CVE-2012-1150 or CVE-2012-0876.

What if I have additional questions?

If you have any questions about the information above, please contact Support.

Document History

• 2012-November-1: Rev 1. Initial Release