Executive Summary
| Summary | |
|---|---|
| Title | Sun Alert 261849 A Security Vulnerability in the Solaris iSCSI Management Commands (iscsiadm(1M) and iscsitadm(1M)) may Allow Privilege Escalation |
| Informations | |||
|---|---|---|---|
| Name | SUN-261849 | First vendor Publication | 2009-09-21 |
| Vendor | Sun | Last vendor Modification | 2009-09-21 |
| Severity (Vendor) | N/A | Revision | N/A |
Security-Database Scoring CVSS v3
| Cvss vector : N/A | |||
|---|---|---|---|
| Overall CVSS Score | NA | ||
| Base Score | NA | Environmental Score | NA |
| impact SubScore | NA | Temporal Score | NA |
| Exploitabality Sub Score | NA | ||
| Calculate full CVSS 3.0 Vectors scores | |||
Security-Database Scoring CVSS v2
| Cvss vector : (AV:L/AC:L/Au:N/C:C/I:C/A:C) | |||
|---|---|---|---|
| Cvss Base Score | 7.2 | Attack Range | Local |
| Cvss Impact Score | 10 | Attack Complexity | Low |
| Cvss Expoit Score | 3.9 | Authentication | None Required |
| Calculate full CVSS 2.0 Vectors scores | |||
Detail
| Product: Solaris 10 Operating System OpenSolaris A security vulnerability in the Solaris iSCSI management commands (iscsiadm(1M) and iscsitadm(1M)) may allow a local user who has been assigned an RBAC execution profile which specifies additional privileges for the iscsiadm(1M) or iscsitadm(1M) commands, such as the "File System Management" profile, to execute arbitrary commands with the privileges specified in the RBAC profile. State: Resolved First released: 21-Sep-2009 |
Original Source
| Url : http://blogs.sun.com/security/entry/sun_alert_261849_a_security |
CPE : Common Platform Enumeration
OpenVAS Exploits
| Date | Description |
|---|---|
| 2009-10-13 | Name : Solaris Update for Sun iSCSI Device Driver and Utilities 119090-33 File : nvt/gb_solaris_119090_33.nasl |
Open Source Vulnerability Database (OSVDB)
| Id | Description |
|---|---|
| 58266 | Solaris iSCSI Management iscsiadm / iscsitadm Command Local Privilege Escalation |
Information Assurance Vulnerability Management (IAVM)
| Date | Description |
|---|---|
| 2009-10-01 | IAVM : 2009-A-0086 - Sun Solaris iSCSI Management Commands Local Privilege Escalation Vulnerability Severity : Category II - VMSKEY : V0021633 |
