CVE-2006-3589 | Vulnerability Database | Aqua Security

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

Affected Software

Name	Vendor	Start Version	End Version
Infrastructure	Vmware	3 (including)	3 (including)
Player	Vmware	*	*
Server	Vmware	1.0.1_build_29996 (including)	1.0.1_build_29996 (including)
Workstation	Vmware	5.5.3 (including)	5.5.3 (including)
Esx	Vmware	2.0 (including)	2.0 (including)
Esx	Vmware	2.0.1 (including)	2.0.1 (including)
Esx	Vmware	2.1 (including)	2.1 (including)
Esx	Vmware	2.1.1 (including)	2.1.1 (including)
Esx	Vmware	2.1.2 (including)	2.1.2 (including)
Esx	Vmware	2.5 (including)	2.5 (including)
Esx	Vmware	2.5.2 (including)	2.5.2 (including)

References

http://kb.vmware.com/kb/2467205
http://secunia.com/advisories/21120
http://secunia.com/advisories/23680
http://securitytracker.com/id?1016536
http://www.osvdb.org/27418
http://www.securityfocus.com/archive/1/440583/100/0/threaded
http://www.securityfocus.com/archive/1/441082/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/bid/19060
http://www.securityfocus.com/bid/19062
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vupen.com/english/advisories/2006/2880
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881

NVD	https://nvd.nist.gov/vuln/detail/CVE-2006-3589
CWE	https://cwe.mitre.org/data/definitions/NVD-Other.html