On Sunday, Kristian Erik Hermansen disclosed a zero-day vulnerability in FireEye’s core product, which, if exploited, results in unauthorized file disclosure. As proof, he also posted a brief example of how to trigger the vulnerability and a copy of the /etc/passwd file. What’s more, he claims to have three other vulnerabilities, and says they’re for sale.
Based on the published information on Exploit-DB and Pastebin, the basic setup of the compromised appliance is exactly what you’d expect it to be; the box has Apache, pushing PHP, running as root.