SSL Key File Permission Issues in VMware for Linux and ESX Server
CVE-2006-3589

Currently unrated

Key Information:

Vendor

Vmware

Vendor
CVE Published:
21 July 2006

What is CVE-2006-3589?

The 'vmware-config.pl' script in VMware for Linux, ESX Server 2.x, and Infrastructure 3 lacks proper error handling in the Perl chmod function. This oversight potentially leads to SSL key files being created with insecure file permissions, allowing local users to read or modify sensitive SSL keys. Organizations using these VMware products should ensure their environments are secured against unauthorized access to these critical files.

References

Timeline

  • Vulnerability published

  • Vulnerability Reserved

.