Splunk version 6.6.x suffers from a local privilege escalation vulnerability. Splunk can be configured to run as a non-root user. However, that user owns the configuration file that specifies the user to run as, so it can trivially gain root privileges.
927ecfe19fe31d3c7e09dd53fc3c4d83c00e61f2fd48f776a815cc3fefe9be2c