CVE-2006-3589

Published Jul 21, 2006

Last updated 6 years ago

Overview

Description: vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Source: cve@mitre.org
NVD status: Modified

Hype score: Not currently trending

Risk scores

CVSS 2.0

Type: Primary
Base score: 3.6
Impact score: 4.9
Exploitability score: 3.9
Vector string: AV:L/AC:L/Au:N/C:P/I:P/A:N

Weaknesses

nvd@nist.gov: NVD-CWE-Other

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "AD0E3A11-F411-4653-96ED-05ECE4DCF401"
          },
          {
            "criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "5A9A9E09-959A-4A99-A25C-09AA4FA646D5"
          },
          {
            "criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1"
          },
          {
            "criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "A348CABB-CD52-4C55-9653-154C75605CD1"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "BA74505A-3550-4646-B2D6-6E6D0924023D"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "7632C2AE-4B59-4B17-8A6B-C1D05C2824FA"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "EC77D81A-12AA-4948-9970-9461289DC648"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "54A10ABE-E778-4133-B1AA-05FE6829A34A"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C2CB97F9-9DF6-4493-A245-F4901F4DD22E"
          },
          {
            "criteria": "cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "C862131A-64D8-4C2D-815F-19971D63AF00"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

Overview

Social media

Risk scores

CVSS 2.0

Weaknesses

Configurations

References