I agree. Splunk *IS* doing what it was designed to do. -- Michael D. Wood ITSecurityPros.org www.itsecuritypros.org From: JxT [mailto:jxt.lists@xxxxxxxxx] Sent: Thursday, September 06, 2012 2:19 AM To: Zach C. Cc: Michael D. Wood; full-disclosure@xxxxxxxxxxxxxxxxx Subject: Re: [Full-disclosure] Splunk Vulnerability On Wed, Sep 5, 2012 at 11:30 PM, Zach C. <fxchip@xxxxxxxxx> wrote: 1.) The tool, Splunk, is designed to index logs 2.) Logs are arbitrary files. Therefore, 3.) Splunk is designed to index arbitrary files. Agreed, Splunk is doing exactly what it's designed to do. This is not a vulnerability within Splunk itself.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/