Security

OpenSSL security bug

mpavlas
Explorer

Splunk 6.0.2 is linked against OpenSSL 1.0.1e which has serious security flaw (CVE-2014-0160).
When will be Splunk with fixed OpenSSL (1.0.1g) available?

Tags (1)
1 Solution

MuS
SplunkTrust
SplunkTrust

Hi mpavlas,

Splunk is currently testing the fix, official statement on IRC #splunk channel:

Welcome to #splunk! | Currently testing a fix for the Heartbleed OpenSSL issue

as soon as it is available you will hear about on IRC #splunk and their webpage....stay tuned

cheers, MuS

View solution in original post

martin_mueller
SplunkTrust
SplunkTrust
0 Karma

troywollenslege
Path Finder

I am hoping that Splunk will send out a global communication (email) about this issue and include a set of versions that are affected and a timeline when they will be patched/updated.

0 Karma

dwaddle
SplunkTrust
SplunkTrust

Keep an eye on the splunk security portal at http://www.splunk.com/page/securityportal -- which has an RSS feed you can subscribe to as well.

0 Karma

millern4
Communicator

that was it, thank you.....indeed we are affected

[xxxxxxxxxxxx /]$ cd /splunk/bin/
[xxxxxxxxxx bin]$ pwd
/splunk/bin
[xxxxxxxxxx bin]$ ./splunk cmd openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

MuS
SplunkTrust
SplunkTrust

if this is a default *uix setup try:

/opt/splunk/bin/splunk cmd openssl version

millern4
Communicator

is there another command to run I've tried below with different variation but it never returns any ouput?

$SPLUNK_HOME/bin/splunk cmd openssl version

/]$ $SPLUNK_HOME/bin/splunk cmd openssl version
-bash: /bin/splunk: No such file or directory

Is there another way to run this command?

0 Karma

MuS
SplunkTrust
SplunkTrust

did you run this like $SPLUNK_HOME/bin/splunk cmd openssl version? Otherwise you will probably get a response from your servers openSSL installation not the one from Splunk .....

0 Karma

millern4
Communicator

According to heartbleed.com:

What versions of the OpenSSL are affected?

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Our production search head is running Splunk 6.0. When I look at the command line:

bin]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

Does this mean we are not affected by this?

0 Karma

MuS
SplunkTrust
SplunkTrust

Hi mpavlas,

Splunk is currently testing the fix, official statement on IRC #splunk channel:

Welcome to #splunk! | Currently testing a fix for the Heartbleed OpenSSL issue

as soon as it is available you will hear about on IRC #splunk and their webpage....stay tuned

cheers, MuS

aelliott
Motivator

Looks like there is an update available: http://www.splunk.com/view/SP-CAAAMB3

0 Karma

yannK
Splunk Employee
Splunk Employee
0 Karma

grijhwani
Motivator

A Splunk blog entry has just been published confirming progress so far in addressing the problem.

troywollenslege
Path Finder

Hopefully to more than just IRC 🙂

Thanks for working on this quickly.

piebob
Motivator

this is correct. we are working currently to test our fix, and will post it as soon as it meets our quality requirements.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...