Splunk 4.3.x Denial Of Service



EKU-ID: 2804  CVE: 2012-1150
Author: Alexander Klink  Published: 2012-11-21  Verified: Verified

________________________________________________________________________
Vendors:            Splunk Inc., http://www.splunk.com
Product:            Splunk 4.3.x (+ possibly earlier versions)
Vulnerability:      Unauth. remote denial of service against splunkweb
Tracking IDs:       CVE-2012-1150
                    SPL-53249
___________________________________________________________________________
Vendor communication:
2012/09/03 Reported the issue via Splunk's website.
2012/09/04 Splunk responds and assigns tracking ID, plans fix for 5.0.
           Replacing the Python version in a maintenance release (4.3.x)
           was considered too risky.
2012/10/25 Splunk informs us that 5.0 will be available on November 1st.
2012/10/29 Splunk 5.0 is released.
___________________________________________________________________________
Overview:
 
Splunkweb ships with Python 2.7.2, whose string hash function is deterministic
and allows an attacker to construct large numbers of strings that hash to the
same value. Inserting n such colliding keys into a hash table (a Python dict)
then costs O(n^2) instead of the expected O(n), because every insertion has to
probe past all of the keys already sitting in the same chain (see
http://bugs.python.org/issue13703).
 
Description:
 
An attacker can abuse this by sending an unauthenticated POST request to
Splunkweb (for example to the login form endpoint) whose parameter names are
colliding keys. Even a moderate amount of POST data drives the splunkweb
process to 100% CPU usage while the request body is parsed into a dictionary
of parameters.
 
Impact:
 
Denial of service (CPU exhaustion) against the Splunk server.
 
Fixes:
 
This issue has been fixed in Splunk 5.0 by updating the Python version to
2.7.3 and enabling hash randomization. Python 2.7.3 ships the randomized string
hash but leaves it off by default (it is switched on with -R or
PYTHONHASHSEED), so the second step is what actually removes the attack.
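A check for the fix above, added here and not part of the advisory: confirm that a given interpreter really randomizes str hashes by evaluating the same hash() in two fresh processes. PYTHONHASHSEED=random forces a fresh per-process seed on Python 2.7.3 and later and on Python 3, PYTHONHASHSEED=0 disables randomization, and Python 2.7.2 does not know the variable at all, so there the two values are always identical. The interpreter path and the seed setting are parameters; the key "splunk" is an arbitrary choice.

```python
"""Added check (not from the n.runs advisory): confirm an interpreter randomizes
str hashes.  hash("splunk") is evaluated in two fresh processes; with a
per-process random seed the two values differ.  PYTHONHASHSEED=random forces
that seed on Python 2.7.3+ and 3.x, PYTHONHASHSEED=0 disables randomization,
and Python 2.7.2 ignores the variable, so there both values are always equal."""
import os
import subprocess
import sys


def str_hash_is_randomized(python=sys.executable, seed="random"):
    """True if two fresh `python` processes report different values for hash("splunk")."""
    env = dict(os.environ, PYTHONHASHSEED=seed)
    values = []
    for _ in range(2):
        out = subprocess.run([python, "-c", 'print(hash("splunk"))'],
                             env=env, capture_output=True, text=True, check=True)
        values.append(out.stdout.strip())
    return values[0] != values[1]


if __name__ == "__main__":
    # Usage: python this_file.py /opt/splunk/bin/python [more interpreters...]
    for py in sys.argv[1:] or [sys.executable]:
        state = "ON" if str_hash_is_randomized(py) else "OFF"
        print("%s: str hash randomization %s" % (py, state))
```

Run it against the Python that splunkweb actually executes, not the system one; Splunk bundles its own interpreter, which is why the advisory's fix required a Splunk release rather than an OS package update.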
 
________________________________________________________________________
Credits:
Alexander Klink, n.runs AG (discovery)
________________________________________________________________________
References:
This advisory and upcoming advisories:
http://www.nruns.com/security_advisory.php
________________________________________________________________________