topic Re: OpenSSL security bug in Security

OpenSSL security bug

mpavlas — Wed, 09 Apr 2014 08:13:24 GMT

Splunk 6.0.2 is linked against OpenSSL 1.0.1e which has serious security flaw (CVE-2014-0160).
When will be Splunk with fixed OpenSSL (1.0.1g) available?

Re: OpenSSL security bug

MuS — Wed, 09 Apr 2014 08:20:24 GMT

Hi mpavlas,

Splunk is currently testing the fix, official statement on IRC #splunk channel:

Welcome to #splunk! | Currently testing a fix for the Heartbleed OpenSSL issue

as soon as it is available you will hear about on IRC #splunk and their webpage....stay tuned

cheers, MuS

Re: OpenSSL security bug

millern4 — Wed, 09 Apr 2014 12:09:59 GMT

According to heartbleed.com:

What versions of the OpenSSL are affected?

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Our production search head is running Splunk 6.0. When I look at the command line:

bin]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

Does this mean we are not affected by this?

Re: OpenSSL security bug

MuS — Wed, 09 Apr 2014 12:31:01 GMT

did you run this like $SPLUNK_HOME/bin/splunk cmd openssl version? Otherwise you will probably get a response from your servers openSSL installation not the one from Splunk .....

Re: OpenSSL security bug

millern4 — Wed, 09 Apr 2014 12:37:31 GMT

is there another command to run I've tried below with different variation but it never returns any ouput?

$SPLUNK_HOME/bin/splunk cmd openssl version

/]$ $SPLUNK_HOME/bin/splunk cmd openssl version
-bash: /bin/splunk: No such file or directory

Is there another way to run this command?

Re: OpenSSL security bug

MuS — Wed, 09 Apr 2014 12:40:47 GMT

if this is a default *uix setup try:

/opt/splunk/bin/splunk cmd openssl version

Re: OpenSSL security bug

millern4 — Wed, 09 Apr 2014 12:47:28 GMT

that was it, thank you.....indeed we are affected

[xxxxxxxxxxxx /]$ cd /splunk/bin/
[xxxxxxxxxx bin]$ pwd
/splunk/bin
[xxxxxxxxxx bin]$ ./splunk cmd openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

Re: OpenSSL security bug

troywollenslege — Wed, 09 Apr 2014 17:46:38 GMT

I am hoping that Splunk will send out a global communication (email) about this issue and include a set of versions that are affected and a timeline when they will be patched/updated.

Re: OpenSSL security bug

piebob — Wed, 09 Apr 2014 19:49:42 GMT

this is correct. we are working currently to test our fix, and will post it as soon as it meets our quality requirements.

Re: OpenSSL security bug

dwaddle — Wed, 09 Apr 2014 19:50:09 GMT

Keep an eye on the splunk security portal at http://www.splunk.com/page/securityportal -- which has an RSS feed you can subscribe to as well.

Re: OpenSSL security bug

troywollenslege — Wed, 09 Apr 2014 19:51:40 GMT

Hopefully to more than just IRC 🙂

Thanks for working on this quickly.

Re: OpenSSL security bug

martin_mueller — Wed, 09 Apr 2014 21:49:45 GMT

Only 6.0.0-6.0.2 are affected: http://answers.splunk.com/answers/131019/heartbleedopenssl-and-splunk/131069

Re: OpenSSL security bug

grijhwani — Thu, 10 Apr 2014 02:41:55 GMT

A Splunk blog entry has just been published confirming progress so far in addressing the problem.

Re: OpenSSL security bug

yannK — Thu, 10 Apr 2014 21:31:23 GMT

last updates : http://blogs.splunk.com/2014/04/09/splunk-and-the-heartbleed-ssl-vulnerability/

Re: OpenSSL security bug

aelliott — Fri, 11 Apr 2014 13:45:12 GMT

Looks like there is an update available: http://www.splunk.com/view/SP-CAAAMB3