Executive Summary

Title Sun Alert 261849 A Security Vulnerability in the Solaris iSCSI Management Commands (iscsiadm(1M) and iscsitadm(1M)) may Allow Privilege Escalation
Name SUN-261849 First vendor Publication 2009-09-21
Vendor Sun Last vendor Modification 2009-09-21
Severity (Vendor) N/A Revision N/A

Security-Database Scoring CVSS v3

Cvss vector : N/A
Overall CVSS Score NA
Base Score NA Environmental Score NA
impact SubScore NA Temporal Score NA
Exploitabality Sub Score NA
Calculate full CVSS 3.0 Vectors scores

Security-Database Scoring CVSS v2

Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C)
Cvss Base Score 7.2 Attack Range Local
Cvss Impact Score 10 Attack Complexity Low
Cvss Expoit Score 3.9 Authentication None Required
Calculate full CVSS 2.0 Vectors scores


Product: Solaris 10 Operating System OpenSolaris

A security vulnerability in the Solaris iSCSI management commands (iscsiadm(1M) and iscsitadm(1M)) may allow a local user who has been assigned an RBAC execution profile which specifies additional privileges for the iscsiadm(1M) or iscsitadm(1M) commands, such as the "File System Management" profile, to execute arbitrary commands with the privileges specified in the RBAC profile.
State: Resolved
First released: 21-Sep-2009

Original Source

Url : http://blogs.sun.com/security/entry/sun_alert_261849_a_security

CPE : Common Platform Enumeration

Os 161

OpenVAS Exploits

Date Description
2009-10-13 Name : Solaris Update for Sun iSCSI Device Driver and Utilities 119090-33
File : nvt/gb_solaris_119090_33.nasl

Open Source Vulnerability Database (OSVDB)

Id Description
58266 Solaris iSCSI Management iscsiadm / iscsitadm Command Local Privilege Escalation

Information Assurance Vulnerability Management (IAVM)

Date Description
2009-10-01 IAVM : 2009-A-0086 - Sun Solaris iSCSI Management Commands Local Privilege Escalation Vulnerability
Severity : Category II - VMSKEY : V0021633