CVE-2017-18348
CVE-2017-18348 affects Splunk Enterprise 6.6.x. When configured to run as root but drop privileges to a non-root account, local users can escalate privileges by abusing access to the non-root account to modify $SPLUNK_HOME/etc/splunk-launch.conf and insert trojan programs into $SPLUNK_HOME/bin. T...