Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

Re: Splunk Vulnerability

From: Benji <me () b3nji com>
Date: Thu, 6 Sep 2012 09:53:37 +0100
well Im glad we got multiple emails saying you all agree,.

On Thu, Sep 6, 2012 at 8:50 AM, Michael D. Wood <mike () itsecuritypros org> wrote:

I agree.  Splunk *IS* doing what it was designed to do.



--

Michael D. Wood

ITSecurityPros.org

www.itsecuritypros.org



From: JxT [mailto:jxt.lists () gmail com]
Sent: Thursday, September 06, 2012 2:19 AM
To: Zach C.
Cc: Michael D. Wood; full-disclosure () lists grok org uk
Subject: Re: [Full-disclosure] Splunk Vulnerability



On Wed, Sep 5, 2012 at 11:30 PM, Zach C. <fxchip () gmail com> wrote:

1.) The tool, Splunk, is designed to index logs
2.) Logs are arbitrary files.
Therefore,
3.) Splunk is designed to index arbitrary files.



Agreed, Splunk is doing exactly what it's designed to do. This is not a
vulnerability within Splunk itself.


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: