Security

CVE-2024-5535 - OpenSSL 1.0.2zk Vulnerability

gschleusener
Engager

Hi,

I can see Splunk is vulnerable to OpenSSL 1.0.2zk. I've applied the latest 9.2.2 on Splunk Enterprise and the Universal Forwarder, and they are still running the older 1.0.2zj version.

Any ideas when this will be remediated?

OpenSSL Bulletin on 26 June
Vulnerabilities - https://www.openssl.org/news/vulnerabilities-1.0.2.html

From the Splunk advisory, the latest OpenSSL-related update was in March for the zj version.


PickleRick
SplunkTrust

OK. Let me quote from the OpenSSL vulnerability description.

"Impact summary: A buffer overread can have a range of potential consequences such as unexpected application behaviour or a crash. In particular this issue could result in up to 255 bytes of arbitrary private data from memory being sent to the peer leading to a loss of confidentiality. However, only applications that directly call the SSL_select_next_proto function with a 0 length list of supported client protocols are affected by this issue. This would normally never be a valid scenario and is typically not under attacker control but may occur by accident in the case of a configuration or programming error in the calling application."

Read the last sentence. Over and over again. If unsure - verify if you can exploit this potential vulnerability. Otherwise, stop worrying about this.
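The question above is about whether a Splunk install is still on 1.0.2zj after upgrading. The following script is an added example, not code from the thread or from Splunk: it parses an `openssl version` line, decides whether a 1.0.2 build is at or past the release that fixes CVE-2024-5535 (1.0.2zk), and optionally runs the same check against the OpenSSL binary bundled with Splunk. The assumptions are that `SPLUNK_HOME` points at the install and that `splunk cmd openssl version` reports the bundled library; the sample version lines are constructed.

```shell
#!/bin/sh
# Added example (not from the thread or from Splunk): check whether an
# OpenSSL 1.0.2 version line is at or past 1.0.2zk, the release that fixes
# CVE-2024-5535. The 1.0.2 letter suffixes run a..z and then za..zz, so
# plain lexicographic order of the suffix matches release order
# ("z" < "za" < "zj" < "zk").

FIXED_SUFFIX="zk"

# Print the letter suffix of a line such as "OpenSSL 1.0.2zj  DD Mon YYYY".
# Prints nothing for a line that is not a 1.0.2 version.
openssl_102_suffix() {
    printf '%s\n' "$1" | sed -n 's/^OpenSSL 1\.0\.2\([a-z]*\).*/\1/p'
}

# Exit status: 0 = 1.0.2 with suffix >= zk (fixed), 1 = older 1.0.2 build,
# 2 = not a 1.0.2 version line at all (other branch, LibreSSL, empty input).
openssl_102_is_fixed() {
    case "$1" in
        "OpenSSL 1.0.2"*) ;;
        *) return 2 ;;
    esac
    suffix=$(openssl_102_suffix "$1")
    # Whichever suffix sorts first is the earlier release.
    first=$(printf '%s\n%s\n' "$suffix" "$FIXED_SUFFIX" | sort | head -n 1)
    if [ "$suffix" = "$FIXED_SUFFIX" ] || [ "$first" = "$FIXED_SUFFIX" ]; then
        return 0
    fi
    return 1
}

# Human-readable verdict for one version line.
report() {
    if openssl_102_is_fixed "$1"; then
        echo "OK:      $1"
    else
        case $? in
            1) echo "OLD:     $1 (before 1.0.2zk)" ;;
            *) echo "SKIPPED: $1 (not an OpenSSL 1.0.2 build)" ;;
        esac
    fi
}

# Constructed sample lines, shaped like `openssl version` output.
SAMPLE_OLD="OpenSSL 1.0.2zj  DD Mon YYYY"
SAMPLE_NEW="OpenSSL 1.0.2zk  DD Mon YYYY"
report "$SAMPLE_OLD"
report "$SAMPLE_NEW"

# Live check against the OpenSSL bundled with Splunk (assumption: SPLUNK_HOME
# is set and `splunk cmd openssl version` reports the bundled library).
if [ -n "${SPLUNK_HOME:-}" ] && [ -x "$SPLUNK_HOME/bin/splunk" ]; then
    report "$("$SPLUNK_HOME/bin/splunk" cmd openssl version 2>/dev/null)"
fi
```

Run it on each host the scanner flags; an `OLD` verdict means the bundled library is still pre-zk regardless of the Splunk version number, while `OK` means the scanner is matching on something other than the reported library version. Note that the version check only says whether the fixed library is present; per the advisory text quoted above, exposure additionally depends on the calling application passing a zero-length protocol list to SSL_select_next_proto.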

vsrigane
Explorer

We are also flagged for this patch vulnerability by our Tenable scanning results on the compliance portal.

We were under the assumption that the Splunk Universal Forwarder release of version 9.2.2 would have this fix incorporated, but apparently that is not the case.

Any idea when we could expect a fix for this, as the due date for this exposure (July 28th 2024) has already passed?


Thanks,

Vishwa

reddsbaron
Observer

So if I am running 9.3.1 and Tenable is still flagging this, what was the solution, or is there a fix for this not to show up in the scan?


PickleRick
SplunkTrust

Yes. Define an exception in Nessus.
