CVE-2017-18348
Published: Oct 19, 2018
Modified: Aug 5, 2024
PUBLISHED
Description
Splunk Enterprise 6.6.x, when configured to run as root but drop privileges to a specific non-root account, allows local users to gain privileges by leveraging access to that non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert Trojan horse programs into $SPLUNK_HOME/bin, because the non-root setup instructions state that chown should be run across all of $SPLUNK_HOME to give non-root access.
| Vendor | Product | Versions |
|---|---|---|
| n/a | n/a | affected n/a |
References
https://www.splunk.com/view/SP-CAAAP3M (x_refsource_MISC)
101664 (vdb-entry, x_refsource_BID)
https://korelogic.com/Resources/Advisories/KL-001-2017-022.txt (x_refsource_MISC)