Full Disclosure mailing list archives

Re: Splunk Vulnerability

From: JxT <jxt.lists () gmail com>
Date: Thu, 6 Sep 2012 00:18:44 -0600

On Wed, Sep 5, 2012 at 11:30 PM, Zach C. <fxchip () gmail com> wrote:

1.) The tool, Splunk, is designed to index logs
2.) Logs are arbitrary files.
Therefore,
3.) Splunk is designed to index arbitrary files.


Agreed, Splunk is doing exactly what it's designed to do. This is not a
vulnerability within Splunk itself.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Splunk Vulnerability Rodrigo Salvalagio (Sep 03)
- Re: Splunk Vulnerability Michael D. Wood (Sep 05)
  - Re: Splunk Vulnerability Zach C. (Sep 05)
    - Re: Splunk Vulnerability JxT (Sep 05)
    - Re: Splunk Vulnerability Michael D. Wood (Sep 06)
    - Re: Splunk Vulnerability Benji (Sep 06)
- <Possible follow-ups>
- Re: Splunk Vulnerability Michael D. Wood (Sep 06)