EIP-2026-102837

Exploitation Summary

EIP tracks 1 public exploit for EIP-2026-102837. PoCs published by Google Security Research.

AI-analyzed exploit summary This exploit leverages a writable Snort configuration file by the 'contents' group to load a malicious shared library via the 'dynamicengine' directive, achieving root privilege escalation on a FireEye appliance. The shared library executes arbitrary commands upon Snort process restart.

Description

FireEye - Malware Input Processor Privilege Escalation

Exploits (1)

exploitdb WORKING POC VERIFIED

by Google Security Research · textlocallinux

https://www.exploit-db.com/exploits/39628

View Code ZIP pw:eip

This exploit leverages a writable Snort configuration file by the 'contents' group to load a malicious shared library via the 'dynamicengine' directive, achieving root privilege escalation on a FireEye appliance. The shared library executes arbitrary commands upon Snort process restart.

Classification

Working Poc 95%

Attack Type

Lpe

Complexity

Moderate

Reliability

Reliable

Target: FireEye appliance (Snort configuration)

Auth required

Prerequisites: Access to the 'mip' user or a user with supplementary 'contents' group · Write access to a directory with 'exec' mount option (e.g., /dev/shm) · Ability to restart Snort process or wait for automatic restart

MITRE ATT&CK

T1548.001 - Setuid and Setgid T1574.006 - Dynamic Linker Hijacking

devstral-2 · analyzed Feb 16, 2026 Full analysis →

FireEye - Malware Input Processor Privilege Escalation

Exploitation Summary

Description

Exploits (1)

Details