CVE-2006-3589

high

Description

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

References

https://exchange.xforce.ibmcloud.com/vulnerabilities/27881

http://www.vupen.com/english/advisories/2006/2880

http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://www.securityfocus.com/bid/19062

http://www.securityfocus.com/bid/19060

http://www.securityfocus.com/archive/1/456546/100/200/threaded

http://www.securityfocus.com/archive/1/441082/100/0/threaded

http://www.securityfocus.com/archive/1/440583/100/0/threaded

http://www.osvdb.org/27418

http://securitytracker.com/id?1016536

http://secunia.com/advisories/23680

http://secunia.com/advisories/21120

http://kb.vmware.com/kb/2467205

Details

Source: Mitre, NVD

Published: 2006-07-21

Updated: 2026-04-16

Risk Information

CVSS v2

Base Score: 3.6

Vector: CVSS2#AV:L/AC:L/Au:N/C:P/I:P/A:N

Severity: Low

CVSS v3

Base Score: 7.1

Vector: CVSS:3.0/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:N

Severity: High

EPSS

EPSS: 0.00066