SSL Key File Permission Issues in VMware for Linux and ESX Server
CVE-2006-3589

Currently unrated

Key Information:

Vendor: Vmware
Status: Server; Workstation; Infrastructure; Player
Vendor: CVE Published:; 21 July 2006

What is CVE-2006-3589?

The 'vmware-config.pl' script in VMware for Linux, ESX Server 2.x, and Infrastructure 3 lacks proper error handling in the Perl chmod function. This oversight potentially leads to SSL key files being created with insecure file permissions, allowing local users to read or modify sensitive SSL keys. Organizations using these VMware products should ensure their environments are secured against unauthorized access to these critical files.

References

http://www.vmware.com/support/esx21/doc/esx-213-200612-pa...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/19060

vdb-entryx_refsource_BID

http://secunia.com/advisories/23680

third-party-advisoryx_refsource_SECUNIA

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Jul 21, 2006
Vulnerability Reserved
Jul 13, 2006

Vmware

What is CVE-2006-3589?

References

Timeline