Solved: Does shellshock impact Splunk Enterprise 5.0.4

newbiesplunk · ‎10-02-2014

Hi,
Would like to check whether the Shellshock affect older version of splunk 5.0.4, any document to state that it does not impact this version? thks

MarioM · ‎10-02-2014

Here http://www.splunk.com/view/SP-CAAANJN you have more details

View solution in original post

jrodman · ‎10-14-2014

To answer your versioning question, there is no meaningful difference between 5.0.4 and 5.0.9 that MarioM links in regard to shellshock. Shellshock is a bash vulnerability with a broad attack surface, for which the correct thing to do is to update bash.

For the security conscious user, I would strongly encourage following the current maintenance release of whatever line of product they choose to deploy.

MarioM · ‎10-02-2014

Here http://www.splunk.com/view/SP-CAAANJN you have more details

newbiesplunk · ‎10-06-2014

HI,
I thought i read the article that 5.0.4 is not vulnerable to Heartbleed, can assist to provide the article that 5.0.4 is vulnerable to Heartbleed? thks

jrodman · ‎10-14-2014

We did not update 5.0.4 in regards to heartbleed. However, since older versions of OpenSSL were not affected by this particular bug, 5.0.x versions were not affected by this particular bug either.

In general, however, 5.0.4 lacks many updates to many other components. I would not select a significantly antiquated release for the security-conscious, which was gkanapathy's point.

gkanapathy · ‎10-02-2014

5.0.4 is not a current maintenance release, and will certainly have vulnerabilities that are not in the current 5.0.x maintenance release. For example, 5.0.4 is still vulnerable to Heartbleed.

Does shellshock impact Splunk Enterprise 5.0.4

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life