OpenSSL crypto library (libcrypto.so) incorrectly compiled with stack execution bit set in Splunk Enterprise and Universal Forwarder on certain operating systems
Published: 2024-07-01
Last Update: 2024-07-01
CVSSv3.1 Score: NA, Informational
CVSSv3.1 Vector: NA
CWE: CWE-119
Bug ID: VULN-14673
Description
In certain specific versions and platform architectures of Splunk Enterprise and the Universal Forwarder, the cryptographic library for OpenSSL (libcrypto.so) was incorrectly compiled with its stack execution bit set. Setting the executable bit on .so library files is not a direct vulnerability.
The problem affects the following versions of the Splunk platform only:
- Splunk Enterprise on Linux: 9.2.1, 9.2.0.1, 9.2.0, 9.1.4, 9.1.3, 9.0.9, and 9.0.8
- Universal Forwarder on Solaris: all versions below 9.2.2, 9.1.5, and 9.0.10.
The problem does not affect the following versions of the Splunk platform:
- Splunk Enterprise on Windows or MacOS.
- Universal Forwarder on Windows, MacOS, Linux, FreeBSD, or AIX.
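To confirm whether a particular libcrypto.so on a Linux host carries the flag, the following added example (not part of Splunk's advisory or tooling) parses the ELF program headers and reports the stack permission. It assumes the "stack execution bit" corresponds to the PF_X flag on the PT_GNU_STACK program header, which is how Linux ELF objects record it; the function names and the sample builder are illustrative, and the library path is supplied by the reader.

```python
import struct
import sys

PT_GNU_STACK = 0x6474E551  # program header type that carries stack permissions
PF_X = 0x1                 # execute permission flag in p_flags

def stack_is_executable(data: bytes):
    """Return True/False from the PT_GNU_STACK flags, or None if the header is absent."""
    if data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    ei_class, ei_data = data[4], data[5]
    if ei_class not in (1, 2) or ei_data not in (1, 2):
        raise ValueError("unsupported ELF class or byte order")
    end = "<" if ei_data == 1 else ">"
    if ei_class == 2:  # ELF64 header layout
        e_phoff, = struct.unpack_from(end + "Q", data, 0x20)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x36)
        flags_off = 4   # p_flags directly follows p_type in Elf64_Phdr
    else:              # ELF32 header layout
        e_phoff, = struct.unpack_from(end + "I", data, 0x1C)
        e_phentsize, e_phnum = struct.unpack_from(end + "HH", data, 0x2A)
        flags_off = 24  # p_flags is the seventh word in Elf32_Phdr
    for i in range(e_phnum):
        base = e_phoff + i * e_phentsize
        p_type, = struct.unpack_from(end + "I", data, base)
        if p_type == PT_GNU_STACK:
            p_flags, = struct.unpack_from(end + "I", data, base + flags_off)
            return bool(p_flags & PF_X)
    return None  # no PT_GNU_STACK entry: the loader's default applies

def sample_elf64(p_flags: int, p_type: int = PT_GNU_STACK) -> bytes:
    """Constructed input: little-endian ELF64 header plus one program header."""
    ehdr = struct.pack("<4sBBBB8xHHIQQQIHHHHHH", b"\x7fELF", 2, 1, 1, 0,
                       3, 62, 1, 0, 64, 0, 0, 64, 56, 1, 0, 0, 0)
    phdr = struct.pack("<IIQQQQQQ", p_type, p_flags, 0, 0, 0, 0, 0, 16)
    return ehdr + phdr

if __name__ == "__main__":
    verdict = {True: "EXECUTABLE stack (PF_X set)", False: "non-executable stack",
               None: "no PT_GNU_STACK header"}
    for path in sys.argv[1:]:  # e.g. the libcrypto.so under the Splunk install
        with open(path, "rb") as fh:
            print(f"{path}: {verdict[stack_is_executable(fh.read())]}")
```

A result of `EXECUTABLE stack` on a libcrypto.so from one of the affected Linux versions matches the condition described above; after upgrading to a fixed version the same check should report a non-executable stack.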
Solution
Upgrade Splunk Enterprise on Linux and Universal Forwarder on Solaris to versions 9.2.2, 9.1.5, and 9.0.10, or higher.
Product Status
Product | Version | Component | Affected Version | Fix Version |
---|---|---|---|---|
Splunk Enterprise - Linux | 9.2 | libcrypto | 9.2.0 to 9.2.1 | 9.2.2 |
Splunk Enterprise - Linux | 9.1 | libcrypto | 9.1.3 to 9.1.4 | 9.1.5 |
Splunk Enterprise - Linux | 9.0 | libcrypto | 9.0.8 to 9.0.9 | 9.0.10 |
Universal Forwarder - Solaris | 9.2 | libcrypto | 9.2.0 to 9.2.1 | 9.2.2 |
Universal Forwarder - Solaris | 9.1 | libcrypto | 9.1.0 to 9.1.4 | 9.1.5 |
Universal Forwarder - Solaris | 9.0 | libcrypto | 9.0.0 to 9.0.9 | 9.0.10 |
Mitigations and Workarounds
None
Detections
None
Severity
This advisory is informational only. A severity rating does not apply and the Common Vulnerability Scoring System (CVSS) is not applicable.