Vigil@nce: Solaris, privilege elevation via iSCSI
September 2009 by Vigil@nce
SYNTHESIS OF THE VULNERABILITY
A local attacker who is allowed to execute iscsiadm and iscsitadm through
a privileged RBAC profile can execute commands with this privilege.
Severity: 2/4
Consequences: administrator access/rights
Provenance: user shell
Means of attack: no proof of concept, no attack
Ability of attacker: expert (4/4)
Confidence: confirmed by the editor (5/5)
Diffusion of the vulnerable configuration: high (3/3)
Creation date: 22/09/2009
IMPACTED PRODUCTS
– OpenSolaris
– Sun Solaris
DESCRIPTION OF THE VULNERABILITY
The /usr/sbin/iscsiadm and /usr/sbin/iscsitadm commands are used
to administer iSCSI devices.
A local attacker who is allowed to execute iscsiadm and iscsitadm through
a privileged RBAC profile, such as "File System Management", can
execute commands with this privilege.
Technical details are unknown.
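To gauge exposure, the audit below (an added example, not part of the original bulletin or vendor code) lists the RBAC profiles that run the two iSCSI commands with security attributes and the accounts assigned those profiles. It assumes the local exec_attr(4) and user_attr(4) files are authoritative and covers direct profile assignment only, not nested profiles or roles; the sample entries are constructed.

```shell
#!/bin/sh
# Added example, not vendor code: report which RBAC profiles run the iSCSI
# admin commands with security attributes, and which accounts hold them.
#   exec_attr(4): name:policy:type:res1:res2:id:attr
#   user_attr(4): user:qualifier:res1:res2:attr   (attr: profiles=A,B;...)
# On Solaris set AWK=nawk (or /usr/xpg4/bin/awk); the legacy awk lacks sub().
AWK=${AWK:-awk}

# usage: iscsi_rbac_audit EXEC_ATTR_FILE USER_ATTR_FILE
iscsi_rbac_audit() {
    "$AWK" -F: '
        /^#/ || /^[ \t]*$/ { next }
        FILENAME == ARGV[1] {            # first file: exec_attr entries
            if (($6 == "/usr/sbin/iscsiadm" || $6 == "/usr/sbin/iscsitadm") && $7 != "") {
                grants[$1] = 1
                print "PROFILE|" $1 "|" $6 "|" $7
            }
            next
        }
        {                                # second file: user_attr entries
            n = split($5, kv, ";")
            for (i = 1; i <= n; i++) {
                if (kv[i] !~ /^profiles=/) continue
                sub(/^profiles=/, "", kv[i])
                m = split(kv[i], prof, ",")
                for (j = 1; j <= m; j++)
                    if (prof[j] in grants) print "ACCOUNT|" $1 "|" prof[j]
            }
        }' "$1" "$2"
}

# Constructed sample data (not copied from a real system).
SAMPLE_DIR=$(mktemp -d)
trap 'rm -rf "$SAMPLE_DIR"' EXIT
cat > "$SAMPLE_DIR/exec_attr" <<'EOF'
File System Management:suser:cmd:::/usr/sbin/iscsiadm:euid=0
File System Management:suser:cmd:::/usr/sbin/iscsitadm:euid=0
File System Management:suser:cmd:::/usr/sbin/mount:uid=0
Printer Management:suser:cmd:::/usr/sbin/lpadmin:euid=lp
EOF
cat > "$SAMPLE_DIR/user_attr" <<'EOF'
root::::auths=solaris.*;profiles=All;type=normal
storadm::::profiles=File System Management,Basic Solaris User;type=normal
alice::::profiles=Printer Management;type=normal
EOF
iscsi_rbac_audit "$SAMPLE_DIR/exec_attr" "$SAMPLE_DIR/user_attr"
```

On a live system the equivalent call is `iscsi_rbac_audit /etc/security/exec_attr /etc/user_attr`.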
CHARACTERISTICS
Identifiers: 261849, 6801126, BID-36474, VIGILANCE-VUL-9039
http://vigilance.fr/vulnerability/Solaris-privilege-elevation-via-iSCSI-9039