CVE-2006-3589

Name of the Vulnerable Software and Affected Versions VMware for Linux, ESX Server 2.x, and Infrastructure 3

Description The issue is related to the vmware-config.pl script, which fails to check the return code from a Perl chmod function call. This might cause an SSL key file to be created with an unsafe umask, allowing local users to read or modify the SSL key.

Recommendations For VMware for Linux, ESX Server 2.x, and Infrastructure 3, ensure that the vmware-config.pl script properly sets the permissions for the SSL key file to prevent unauthorized access. As a temporary workaround, consider manually setting the correct permissions for the SSL key file until a proper fix is applied.