CVE-2006-3589

  1. OpenCVE
  2. Vulnerabilities (CVE)
  3. CVE-2006-3589
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

3.6 /10

CVSS v2.0 : LOW

V2 Legend

Vector : AV:L/AC:L/Au:N/C:P/I:P/A:N

Exploitability : 3.9 / Impact : 4.9

Access Vector LOCAL

Access Complexity LOW

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact PARTIAL

Availability Impact NONE

References
Link Resource
http://kb.vmware.com/kb/2467205
http://secunia.com/advisories/21120 Vendor Advisory
http://secunia.com/advisories/23680
http://securitytracker.com/id?1016536
http://www.osvdb.org/27418
http://www.securityfocus.com/archive/1/440583/100/0/threaded
http://www.securityfocus.com/archive/1/441082/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/bid/19060
http://www.securityfocus.com/bid/19062
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vupen.com/english/advisories/2006/2880
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881
http://kb.vmware.com/kb/2467205
http://secunia.com/advisories/21120 Vendor Advisory
http://secunia.com/advisories/23680
http://securitytracker.com/id?1016536
http://www.osvdb.org/27418
http://www.securityfocus.com/archive/1/440583/100/0/threaded
http://www.securityfocus.com/archive/1/441082/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/bid/19060
http://www.securityfocus.com/bid/19062
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vupen.com/english/advisories/2006/2880
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881
Configurations

Configuration 1 (hide)

OR cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*
cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*
cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*
History

21 Nov 2024, 00:13

Type Values Removed Values Added
References () http://kb.vmware.com/kb/2467205 - () http://kb.vmware.com/kb/2467205 -
References () http://secunia.com/advisories/21120 - Vendor Advisory () http://secunia.com/advisories/21120 - Vendor Advisory
References () http://secunia.com/advisories/23680 - () http://secunia.com/advisories/23680 -
References () http://securitytracker.com/id?1016536 - () http://securitytracker.com/id?1016536 -
References () http://www.osvdb.org/27418 - () http://www.osvdb.org/27418 -
References () http://www.securityfocus.com/archive/1/440583/100/0/threaded - () http://www.securityfocus.com/archive/1/440583/100/0/threaded -
References () http://www.securityfocus.com/archive/1/441082/100/0/threaded - () http://www.securityfocus.com/archive/1/441082/100/0/threaded -
References () http://www.securityfocus.com/archive/1/456546/100/200/threaded - () http://www.securityfocus.com/archive/1/456546/100/200/threaded -
References () http://www.securityfocus.com/bid/19060 - () http://www.securityfocus.com/bid/19060 -
References () http://www.securityfocus.com/bid/19062 - () http://www.securityfocus.com/bid/19062 -
References () http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html - () http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html -
References () http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html - () http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html -
References () http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html - () http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html -
References () http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html - () http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html -
References () http://www.vupen.com/english/advisories/2006/2880 - () http://www.vupen.com/english/advisories/2006/2880 -
References () https://exchange.xforce.ibmcloud.com/vulnerabilities/27881 - () https://exchange.xforce.ibmcloud.com/vulnerabilities/27881 -
Information

Published : 2006-07-21 14:03

Updated : 2024-11-21 00:13

NVD link : CVE-2006-3589

Mitre link : CVE-2006-3589

CVE.ORG link : CVE-2006-3589

JSON object : View

Products Affected

vmware

  • workstation
  • server
  • esx
  • infrastructure
  • player
CWE
NVD-CWE-Other