Lucene search

[email protected]CVE-2006-3589

HistoryJul 21, 2006 - 2:03 p.m.

CVE-2006-3589

2006-07-2114:03:00

[email protected]

web.nvd.nist.gov

vmware

linux

esx server

infrastructure 3

ssl key

umask

cve-2006-3589

nvd

security vulnerability

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.3%

JSON

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

Affected configurations

NVD

Node

vmwareinfrastructureMatch3

vmwareplayer

vmwareserverMatch1.0.1_build_29996

vmwareworkstationMatch5.5.3

vmwareesxMatch2.0

vmwareesxMatch2.0.1

vmwareesxMatch2.1

vmwareesxMatch2.1.1

vmwareesxMatch2.1.2

vmwareesxMatch2.5

vmwareesxMatch2.5.2

CPENameOperatorVersion
vmware:infrastructurevmware infrastructureeq3
vmware:playervmware playereq*
vmware:servervmware servereq1.0.1_build_29996
vmware:workstationvmware workstationeq5.5.3
vmware:esxvmware esxeq2.0
vmware:esxvmware esxeq2.0.1
vmware:esxvmware esxeq2.1
vmware:esxvmware esxeq2.1.1
vmware:esxvmware esxeq2.1.2
vmware:esxvmware esxeq2.5

CPE	Name	Operator	Version
vmware:infrastructure	vmware infrastructure	eq	3
vmware:player	vmware player	eq	*
vmware:server	vmware server	eq	1.0.1_build_29996
vmware:workstation	vmware workstation	eq	5.5.3
vmware:esx	vmware esx	eq	2.0
vmware:esx	vmware esx	eq	2.0.1
vmware:esx	vmware esx	eq	2.1
vmware:esx	vmware esx	eq	2.1.1
vmware:esx	vmware esx	eq	2.1.2
vmware:esx	vmware esx	eq	2.5

Rows per page:

1-10 of 111

References

kb.vmware.com/kb/2467205

secunia.com/advisories/21120

secunia.com/advisories/23680

securitytracker.com/id?1016536

www.osvdb.org/27418

www.securityfocus.com/archive/1/440583/100/0/threaded

www.securityfocus.com/archive/1/441082/100/0/threaded

www.securityfocus.com/archive/1/456546/100/200/threaded

www.securityfocus.com/bid/19060

www.securityfocus.com/bid/19062

www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

www.vupen.com/english/advisories/2006/2880

exchange.xforce.ibmcloud.com/vulnerabilities/27881

3.6 Low

CVSS2

Attack Vector

LOCAL

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:L/AC:L/Au:N/C:P/I:P/A:N

6.4 Medium

AI Score

Confidence

Low

0.001 Low

EPSS

Percentile

20.3%

JSON

Related for CVE-2006-3589

nvd1 securityvulns1 cvelist1