Splunk Enterprise 6.x < 6.0.1 Malformed Packet DoS

This script is Copyright (C) 2014 Tenable Network Security, Inc.


Synopsis :

An application on the remote host may be affected by a denial of
service vulnerability.

Description :

According to its version number, the remote Splunk Enterprise install
may be affected by a denial of service vulnerability that could be
triggered by malformed network input, which could result in the Splunk
server becoming unavailable.

Note that this only affects Splunk Enterprise 6.0 components
configured as data 'receivers' on the listening or receiving port(s)
and impacts Splunk Enterprise instances configured as indexers as well
as any forwarders configured as intermediate forwarders.

Note that Nessus has not tested for this issue but has instead
relied only on the application's self-reported version number.

See also :

http://www.splunk.com/view/SP-CAAAJD5
http://docs.splunk.com/Documentation/Splunk/6.0.1/ReleaseNotes/6.0.1

Solution :

Upgrade to Splunk Enterprise 6.0.1 or later.

Risk factor :

High / CVSS Base Score : 7.8
(CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C)
CVSS Temporal Score : 6.8
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Family: Denial of Service

Nessus Plugin ID: 71784 ()

Bugtraq ID: 64419

CVE ID: