CVE-2006-3589 - OpenCVE

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

No CVSS v3.1

No CVSS v3.0

Access Vector Local

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact Partial

Availability Impact None

AV:L/AC:L/Au:N/C:P/I:P/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Vmware	Workstation Esx Server Player Infrastructure

Configuration 1 [-]

OR	cpe:2.3:a:vmware:infrastructure:3:::::::*
	cpe:2.3:a:vmware:player::::::::
	cpe:2.3:a:vmware:server:1.0.1_build_29996:::::::*
	cpe:2.3:a:vmware:workstation:5.5.3:::::::*
	cpe:2.3:o:vmware:esx:2.0:::::::*
	cpe:2.3:o:vmware:esx:2.0.1:::::::*
	cpe:2.3:o:vmware:esx:2.1:::::::*
	cpe:2.3:o:vmware:esx:2.1.1:::::::*
	cpe:2.3:o:vmware:esx:2.1.2:::::::*
	cpe:2.3:o:vmware:esx:2.5:::::::*
	cpe:2.3:o:vmware:esx:2.5.2:::::::*

References

Link	Resource
http://kb.vmware.com/kb/2467205
http://secunia.com/advisories/21120	Vendor Advisory
http://secunia.com/advisories/23680
http://securitytracker.com/id?1016536
http://www.osvdb.org/27418
http://www.securityfocus.com/archive/1/440583/100/0/threaded
http://www.securityfocus.com/archive/1/441082/100/0/threaded
http://www.securityfocus.com/archive/1/456546/100/200/threaded
http://www.securityfocus.com/bid/19060
http://www.securityfocus.com/bid/19062
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vupen.com/english/advisories/2006/2880
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: mitre

Published: 2006-07-19T23:00:00

Updated: 2018-10-18T14:57:01

Reserved: 2006-07-13T00:00:00

Link: CVE-2006-3589

JSON object: View

NVD Information

Status : Modified

Published: 2006-07-21T14:03:00.000

Modified: 2018-10-30T16:26:23.420

Link: CVE-2006-3589

JSON object: View

Redhat Information

No data.

CWE

NVD-CWE-Other

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"name": "19060", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19060"}, {"name": "23680", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23680"}, {"name": "21120", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21120"}, {"name": "1016536", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016536"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"name": "ADV-2006-2880", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"name": "19062", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19062"}, {"name": "20070110 VMware ESX server security updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"name": "27418", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27418"}, {"name": "vmware-vmwareconfig-file-permissions(27881)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/kb/2467205"}, {"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3589", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"name": "19060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19060"}, {"name": "23680", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23680"}, {"name": "21120", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21120"}, {"name": "1016536", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016536"}, {"name": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"name": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"name": "ADV-2006-2880", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"name": "19062", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19062"}, {"name": "20070110 VMware ESX server security updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"name": "27418", "refsource": "OSVDB", "url": "http://www.osvdb.org/27418"}, {"name": "vmware-vmwareconfig-file-permissions(27881)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}, {"name": "http://kb.vmware.com/kb/2467205", "refsource": "CONFIRM", "url": "http://kb.vmware.com/kb/2467205"}, {"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"name": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}]}}}}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3589", "datePublished": "2006-07-19T23:00:00", "dateReserved": "2006-07-13T00:00:00", "dateUpdated": "2018-10-18T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*", "matchCriteriaId": "AD0E3A11-F411-4653-96ED-05ECE4DCF401", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A9A9E09-959A-4A99-A25C-09AA4FA646D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*", "matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A348CABB-CD52-4C55-9653-154C75605CD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA74505A-3550-4646-B2D6-6E6D0924023D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7632C2AE-4B59-4B17-8A6B-C1D05C2824FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC77D81A-12AA-4948-9970-9461289DC648", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "54A10ABE-E778-4133-B1AA-05FE6829A34A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2CB97F9-9DF6-4493-A245-F4901F4DD22E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C862131A-64D8-4C2D-815F-19971D63AF00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."}, {"lang": "es", "value": "vmware-config.pl en VMware for Linux, ESX Server 2.x, y Infrastructure 3 no valida el c\u00f3digo de retorno desde la llamada a la funci\u00f3n Perl chmod, lo cual podr\u00eda permitir un fichero llave SSL sea creado con una umask no segura que permite a usuarios locales leer o modificar la llave SSL."}], "id": "CVE-2006-3589", "lastModified": "2018-10-30T16:26:23.420", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-21T14:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://kb.vmware.com/kb/2467205"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21120"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23680"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016536"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27418"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19060"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19062"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}