Analyst readout for executives and security teams
Plain-English summary
This is a local privilege-escalation issue in Sun Solaris/OpenSolaris iSCSI administration tools. A user who already has specific RBAC execution rights may be able to gain higher privileges through unspecified libima-related vectors. The public record does not describe exploit details, impact scope beyond affected versions, or confirmed exploitation.
Executive priority
Treat this as a legacy-platform privilege risk. It is not documented as actively exploited, but affected Solaris systems with delegated iSCSI administration rights should be reviewed because compromise of a lower-privileged local account could lead to higher privileges.
Technical view
CVE-2009-3390 covers multiple unspecified vulnerabilities in iscsiadm and iscsitadm on Sun Solaris 10 and OpenSolaris snv_28 through snv_109. The issue is tied to libima and requires local access plus certain RBAC execution profiles. No CVSS, CWE, or technical root cause is provided in the source bundle.
Likely exposure
Exposure is most likely on legacy Solaris 10 or OpenSolaris systems where users have RBAC profiles allowing iscsiadm or iscsitadm execution. Modern non-Solaris systems are not identified as affected in the provided sources.
Exploitation context
The source bundle does not show CISA KEV listing, active exploitation, public exploit availability, or weaponized details. The attack context is local privilege escalation, not remote unauthenticated compromise, and appears constrained by RBAC profile assignment.
Researcher notes
The public record is sparse: vectors are unknown, affected product metadata is incomplete, and no CVSS or CWE is listed. Analysis should stay focused on Solaris 10/OpenSolaris iSCSI tooling, RBAC execution profiles, and libima references until vendor advisory content is obtained.
Mitigation direction
- Review Sun Alert 261849 and linked SunSolve guidance for official remediation.
- Inventory Solaris 10 and OpenSolaris snv_28 through snv_109 systems.
- Review RBAC profiles granting iscsiadm or iscsitadm execution rights.
- Restrict unnecessary iSCSI administration privileges until vendor guidance is applied.
- Plan migration or compensating controls for unsupported legacy Solaris hosts.
Validation and detection
- Confirm OS version and OpenSolaris build on potentially affected hosts.
- Identify users assigned RBAC profiles for iscsiadm or iscsitadm.
- Check whether libima-related vendor fixes are documented for each host.
- Verify remediation status against Sun/Oracle advisory records where available.
- Monitor privileged local account activity on affected legacy systems.
Public sources used
Based on public source material and reviewed before publication.
Conservative CVE-to-ATT&CK context
These mappings and lookup hints may be relevant to the vulnerability behavior, CWE, affected product, or exposure path. Glexia-inferred context is not an official MITRE, ATT&CK, CWE, or CVE Program mapping.
ATT&CK lookup starting points
Use these exact CWE pages and searches to review the Glexia ATT&CK library from this CVE's weakness and description context.
CVE-2009-3390 mapping review
Open the CVE-to-ATT&CK bridge for reviewed, inferred, or future official mappings tied to this CVE.
Open ATT&CK lookup- Severity
- Unknown
- CVSS
- Not scored
- Known Exploited
- No
- Published
CNA and ADP enrichment extracted from CVE v5
These fields come from the CVE record and ADP containers, not from Glexia's Take. They preserve time-varying source decisions such as CISA SSVC, KEV status, CVSS metrics, and provider references.
CVSS and timeline data
No CVSS vectors or timeline events were available in the normalized CVE source material.
Source materials
- CVE List V5 sourceCVE List V5
- 261849CVE reference · vendor-advisory, x_refsource_SUNALERT
- http://sunsolve.sun.com/search/document.do?assetkey=1-21-119090-33-1CVE reference · x_refsource_CONFIRM
Products and packages named in the record
CWE details
CWE links open Glexia weakness intelligence pages with official CWE context, developer remediation guidance, and related CVE mappings.
