| Vulnerability Name: | CVE-2006-3589 (CCN-27881) | ||||||||
| Assigned: | 2006-07-18 | ||||||||
| Published: | 2006-07-18 | ||||||||
| Updated: | 2018-10-30 | ||||||||
| Summary: | vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key. | ||||||||
| CVSS v3 Severity: | 5.1 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N)
| ||||||||
| CVSS v2 Severity: | 3.6 Low (CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N) 2.6 Low (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
2.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:OF/RC:C)
| ||||||||
| Vulnerability Type: | CWE-Other | ||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||
| References: | Source: CCN Type: BugTraq Mailing List, Tue Jul 18 2006 - 16:53:48 CDT VMSA-2006-0003 VMware possible incorrect permissions on SSL key files Source: CCN Type: BugTraq Mailing List, Mon Jul 24 2006 - 20:57:29 CDT Advisory: VMware Possible Incorrect Permissions On SSL Key Files Source: CCN Type: Full-Disclosure Mailing List, Mon Jan 08 2007 - 20:17:36 CST VMware ESX server security updates Source: MITRE Type: CNA CVE-2006-3589 Source: CONFIRM Type: UNKNOWN http://kb.vmware.com/kb/2467205 Source: CCN Type: VMware View Document Doc ID: 2467205 The Configuration Program vmware-config Might Set Incorrect Permissions on SSL Key Files Source: CCN Type: SA21120 VMware vmware-config.pl Insecure SSL Key File Permissions Source: SECUNIA Type: Vendor Advisory 21120 Source: CCN Type: SA23680 VMWare ESX Server Multiple Vulnerabilities Source: SECUNIA Type: UNKNOWN 23680 Source: CCN Type: SECTRACK ID: 1016536 VMware May Fail to Set Safe SSL Key File Permissions Source: SECTRACK Type: UNKNOWN 1016536 Source: OSVDB Type: UNKNOWN 27418 Source: CCN Type: OSVDB ID: 27418 VMware vmware-config.pl SSL Key File Permission Weakness Source: BUGTRAQ Type: UNKNOWN 20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files Source: BUGTRAQ Type: UNKNOWN 20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files Source: BUGTRAQ Type: UNKNOWN 20070110 VMware ESX server security updates Source: BID Type: UNKNOWN 19060 Source: CCN Type: BID-19060 VMware Information Disclosure Vulnerability Source: BID Type: UNKNOWN 19062 Source: CCN Type: BID-19062 RETIRED: VMware SSL Key File Information Disclosure Weakness Source: CCN Type: VMware Web site VMware Server Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html Source: CONFIRM Type: UNKNOWN http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html Source: VUPEN Type: UNKNOWN ADV-2006-2880 Source: XF Type: UNKNOWN vmware-vmwareconfig-file-permissions(27881) Source: XF Type: UNKNOWN vmware-vmwareconfig-file-permissions(27881) | ||||||||
| Vulnerable Configuration: | Configuration 1: Configuration CCN 1:  Denotes that component is vulnerable | ||||||||
| BACK | |||||||||