CVE-2006-3589

Severity

36%

Complexity

39%

Confidentiality

81%

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

CVSS 2.0 Base Score 3.6. CVSS Attack Vector: local. CVSS Attack Complexity: low. CVSS Vector: (AV:L/AC:L/Au:N/C:P/I:P/A:N).

Overview

Type

VMWare

First reported 18 years ago

2006-07-21 14:03:00

Last updated 6 years ago

2018-10-30 16:26:00

Affected Software

VMWare VMWare Infrastructure 3

3

VMWare Player

VMWare VMware Server 1.0.1.29996

1.0.1_build_29996

VMWare VMWare 5.5.3

5.5.3

VMWare ESX 2.0

2.0

VMWare ESX 2.0.1

2.0.1

VMWare ESX 2.1

2.1

VMWare ESX 2.1.1

2.1.1

VMWare ESX 2.1.2

2.1.2

VMWare ESX 2.5

2.5

VMWare ESX 2.5.2

2.5.2

References

http://kb.vmware.com/kb/2467205

21120

Vendor Advisory

23680

1016536

27418

20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files

20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files

20070110 VMware ESX server security updates

19060

19062

http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ADV-2006-2880

vmware-vmwareconfig-file-permissions(27881)

Stay updated

ExploitPedia is constantly evolving. Sign up to receive a notification when we release additional functionality.

Get in touch

If you'd like to report a bug or have any suggestions for improvements then please do get in touch with us using this form. We will get back to you as soon as we can.