PT-2006-4464 · Vmware · Vmware+3

Published

2006-07-19

Updated

2018-10-30

CVE-2006-3589

CVSS v2.0

3.6

Low

Vector

AV:L/AC:L/Au:N/C:P/I:P/A:N

Name of the Vulnerable Software and Affected Versions VMware for Linux, ESX Server 2.x, and Infrastructure 3

Description The issue is related to the vmware-config.pl script, which fails to check the return code from a Perl chmod function call. This might cause an SSL key file to be created with an unsafe umask, allowing local users to read or modify the SSL key.

Recommendations For VMware for Linux, ESX Server 2.x, and Infrastructure 3, ensure that the vmware-config.pl script properly sets the permissions for the SSL key file to prevent unauthorized access. As a temporary workaround, consider manually setting the correct permissions for the SSL key file until a proper fix is applied.

Fix

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2006-3589

Affected Products

Esx Server

Infrastructure

Vmware

Vmware Workstation

PT-2006-4464 · Vmware · Vmware+3

CVE-2006-3589

Related Identifiers

Affected Products

References · 18