CVE-2006-3589

Currently unrated

Key Information:

Vendor: Vmware
Status: Server; Workstation; Infrastructure; Player
Vendor: CVE Published:; 21 July 2006

Summary

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

References

http://www.vmware.com/support/esx21/doc/esx-213-200612-pa...

x_refsource_CONFIRM

http://www.securityfocus.com/bid/19060

vdb-entryx_refsource_BID

http://secunia.com/advisories/23680

third-party-advisoryx_refsource_SECUNIA

Timeline

Vulnerability published
Jul 21, 2006
Vulnerability Reserved
Jul 13, 2006