Vulnerabilities > CVE-2006-3589 - Information Disclosure vulnerability in VMware

CVSS 3.6 - LOW

Attack vector

LOCAL

Attack complexity

LOW

Privileges required

NONE

Confidentiality impact

PARTIAL

Integrity impact

PARTIAL

Availability impact

NONE

local

low complexity

vmware

NVD

Published: 2006-07-21

Updated: 2018-10-30

Summary

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

Vulnerable Configurations

Part	Description	Count
Application	Vmware Vmware Infrastructure 3 Vmware Player * Vmware Server 1.0.1_Build_29996 Vmware Workstation 5.5.3	4
OS	Vmware Vmware ESX 2.0 Vmware ESX 2.0.1 Vmware ESX 2.1 Vmware ESX 2.1.1 Vmware ESX 2.1.2 Vmware ESX 2.5 Vmware ESX 2.5.2	7

References

http://kb.vmware.com/kb/2467205
http://secunia.com/advisories/21120
http://secunia.com/advisories/23680
http://securitytracker.com/id?1016536
http://www.osvdb.org/27418
http://www.securityfocus.com/archive/1/440583/100/0/threaded
http://www.securityfocus.com/archive/1/441082/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/bid/19060
http://www.securityfocus.com/bid/19062
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vupen.com/english/advisories/2006/2880
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881