CVE-2006-3589

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

Published: Jul 21, 2006
Updated: Apr 13, 2023
CVE: CVE-2006-3589
Severity: Low
Exploit:

CVSS v2:

Severity: Low
Score: 3.6
AV:L/AC:L/Au:N/C:P/I:P/A:N

No CWE or OWASP classifications available.

Affected Software
References

Software	From	Fixed in
vmware / server	1.0.1_build_29996	1.0.1_build_29996.x
vmware / workstation	5.5.3	5.5.3.x
vmware / infrastructure	3	3.x
vmware / player	-	-
vmware / esx	2.0	2.0.x
vmware / esx	2.0.1	2.0.1.x
vmware / esx	2.1.2	2.1.2.x
vmware / esx	2.5	2.5.x
vmware / esx	2.5.2	2.5.2.x
vmware / esx	2.1.1	2.1.1.x
vmware / esx	2.1	2.1.x

http://kb.vmware.com/kb/2467205
http://secunia.com/advisories/21120
http://secunia.com/advisories/23680
http://securitytracker.com/id?1016536
http://www.osvdb.org/27418
http://www.securityfocus.com/archive/1/440583/100/0/threaded
http://www.securityfocus.com/archive/1/441082/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/bid/19060
http://www.securityfocus.com/bid/19062
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vupen.com/english/advisories/2006/2880
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881

Vulnerability Database

289,599

CVE-2006-3589