SSL Key File Permission Issues in VMware for Linux and ESX Server
CVE-2006-3589
Currently unrated
Key Information:
- Vendor
Vmware
- Vendor
- CVE Published:
- 21 July 2006
What is CVE-2006-3589?
The 'vmware-config.pl' script in VMware for Linux, ESX Server 2.x, and Infrastructure 3 lacks proper error handling in the Perl chmod function. This oversight potentially leads to SSL key files being created with insecure file permissions, allowing local users to read or modify sensitive SSL keys. Organizations using these VMware products should ensure their environments are secured against unauthorized access to these critical files.