CVE-2006-3589 - vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return

CVE-2006-3589

Summary

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

References

Vulnerable Configurations

cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*

CVSS

Base:	3.6 (as of 30-10-2018 - 16:26)
Impact:
Exploitability:

CWE

NVD-CWE-Other

CAPEC

Access

Vector	Complexity	Authentication
LOCAL	LOW	NONE

Impact

Confidentiality	Integrity	Availability
PARTIAL	PARTIAL	NONE

cvss-vector via4

AV:L/AC:L/Au:N/C:P/I:P/A:N

refmap via4

bid	19060 19062
bugtraq	20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files 20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files 20070110 VMware ESX server security updates
confirm	http://kb.vmware.com/kb/2467205 http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
osvdb	27418
sectrack	1016536
secunia	21120 23680
vupen	ADV-2006-2880
xf	vmware-vmwareconfig-file-permissions(27881)

Last major update

30-10-2018 - 16:26

Published

21-07-2006 - 14:03

Last modified

30-10-2018 - 16:26