{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2006-07-19T00:00:00", "descriptions": [{"lang": "en", "value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-18T14:57:01", "orgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "shortName": "mitre"}, "references": [{"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"name": "19060", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19060"}, {"name": "23680", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23680"}, {"name": "21120", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/21120"}, {"name": "1016536", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1016536"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"name": "ADV-2006-2880", "tags": ["vdb-entry", "x_refsource_VUPEN"], "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"name": "19062", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/19062"}, {"name": "20070110 VMware ESX server security updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"name": "27418", "tags": ["vdb-entry", "x_refsource_OSVDB"], "url": "http://www.osvdb.org/27418"}, {"name": "vmware-vmwareconfig-file-permissions(27881)", "tags": ["vdb-entry", "x_refsource_XF"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://kb.vmware.com/kb/2467205"}, {"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}], "x_legacyV4Record": {"CVE_data_meta": {"ASSIGNER": "cve@mitre.org", "ID": "CVE-2006-3589", "STATE": "PUBLIC"}, "affects": {"vendor": {"vendor_data": [{"product": {"product_data": [{"product_name": "n/a", "version": {"version_data": [{"version_value": "n/a"}]}}]}, "vendor_name": "n/a"}]}}, "data_format": "MITRE", "data_type": "CVE", "data_version": "4.0", "description": {"description_data": [{"lang": "eng", "value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."}]}, "problemtype": {"problemtype_data": [{"description": [{"lang": "eng", "value": "n/a"}]}]}, "references": {"reference_data": [{"name": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"name": "19060", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19060"}, {"name": "23680", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/23680"}, {"name": "21120", "refsource": "SECUNIA", "url": "http://secunia.com/advisories/21120"}, {"name": "1016536", "refsource": "SECTRACK", "url": "http://securitytracker.com/id?1016536"}, {"name": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"name": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"name": "ADV-2006-2880", "refsource": "VUPEN", "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"name": "19062", "refsource": "BID", "url": "http://www.securityfocus.com/bid/19062"}, {"name": "20070110 VMware ESX server security updates", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"name": "27418", "refsource": "OSVDB", "url": "http://www.osvdb.org/27418"}, {"name": "vmware-vmwareconfig-file-permissions(27881)", "refsource": "XF", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}, {"name": "http://kb.vmware.com/kb/2467205", "refsource": "CONFIRM", "url": "http://kb.vmware.com/kb/2467205"}, {"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files", "refsource": "BUGTRAQ", "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"name": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html", "refsource": "CONFIRM", "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}]}}}, "adp": [{"providerMetadata": {"orgId": "af854a3a-2127-422b-91ae-364da2661108", "shortName": "CVE", "dateUpdated": "2024-08-07T18:30:34.466Z"}, "title": "CVE Program Container", "references": [{"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"name": "19060", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19060"}, {"name": "23680", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/23680"}, {"name": "21120", "tags": ["third-party-advisory", "x_refsource_SECUNIA", "x_transferred"], "url": "http://secunia.com/advisories/21120"}, {"name": "1016536", "tags": ["vdb-entry", "x_refsource_SECTRACK", "x_transferred"], "url": "http://securitytracker.com/id?1016536"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"name": "20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"name": "ADV-2006-2880", "tags": ["vdb-entry", "x_refsource_VUPEN", "x_transferred"], "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"name": "19062", "tags": ["vdb-entry", "x_refsource_BID", "x_transferred"], "url": "http://www.securityfocus.com/bid/19062"}, {"name": "20070110 VMware ESX server security updates", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"name": "27418", "tags": ["vdb-entry", "x_refsource_OSVDB", "x_transferred"], "url": "http://www.osvdb.org/27418"}, {"name": "vmware-vmwareconfig-file-permissions(27881)", "tags": ["vdb-entry", "x_refsource_XF", "x_transferred"], "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://kb.vmware.com/kb/2467205"}, {"name": "20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files", "tags": ["mailing-list", "x_refsource_BUGTRAQ", "x_transferred"], "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"tags": ["x_refsource_CONFIRM", "x_transferred"], "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}]}]}, "cveMetadata": {"assignerOrgId": "8254265b-2729-46b6-b9e3-3dfca2d5bfca", "assignerShortName": "mitre", "cveId": "CVE-2006-3589", "datePublished": "2006-07-19T23:00:00", "dateReserved": "2006-07-13T00:00:00", "dateUpdated": "2024-08-07T18:30:34.466Z", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.1"}

{}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*", "matchCriteriaId": "AD0E3A11-F411-4653-96ED-05ECE4DCF401", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*", "matchCriteriaId": "5A9A9E09-959A-4A99-A25C-09AA4FA646D5", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*", "matchCriteriaId": "EB051A5C-5F66-4732-949A-48B0FDE4AFF1", "vulnerable": true}, {"criteria": "cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*", "matchCriteriaId": "7BA47458-E783-4A6A-ABF1-59E8D87E9B33", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*", "matchCriteriaId": "A348CABB-CD52-4C55-9653-154C75605CD1", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*", "matchCriteriaId": "BA74505A-3550-4646-B2D6-6E6D0924023D", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*", "matchCriteriaId": "7632C2AE-4B59-4B17-8A6B-C1D05C2824FA", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*", "matchCriteriaId": "EC77D81A-12AA-4948-9970-9461289DC648", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*", "matchCriteriaId": "54A10ABE-E778-4133-B1AA-05FE6829A34A", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*", "matchCriteriaId": "C2CB97F9-9DF6-4493-A245-F4901F4DD22E", "vulnerable": true}, {"criteria": "cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*", "matchCriteriaId": "C862131A-64D8-4C2D-815F-19971D63AF00", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key."}, {"lang": "es", "value": "vmware-config.pl en VMware for Linux, ESX Server 2.x, y Infrastructure 3 no valida el c\u00f3digo de retorno desde la llamada a la funci\u00f3n Perl chmod, lo cual podr\u00eda permitir un fichero llave SSL sea creado con una umask no segura que permite a usuarios locales leer o modificar la llave SSL."}], "id": "CVE-2006-3589", "lastModified": "2024-11-21T00:13:57.813", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "LOW", "cvssData": {"accessComplexity": "LOW", "accessVector": "LOCAL", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 3.6, "confidentialityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "vectorString": "AV:L/AC:L/Au:N/C:P/I:P/A:N", "version": "2.0"}, "exploitabilityScore": 3.9, "impactScore": 4.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}]}, "published": "2006-07-21T14:03:00.000", "references": [{"source": "cve@mitre.org", "url": "http://kb.vmware.com/kb/2467205"}, {"source": "cve@mitre.org", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21120"}, {"source": "cve@mitre.org", "url": "http://secunia.com/advisories/23680"}, {"source": "cve@mitre.org", "url": "http://securitytracker.com/id?1016536"}, {"source": "cve@mitre.org", "url": "http://www.osvdb.org/27418"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19060"}, {"source": "cve@mitre.org", "url": "http://www.securityfocus.com/bid/19062"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"source": "cve@mitre.org", "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"source": "cve@mitre.org", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://kb.vmware.com/kb/2467205"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "tags": ["Vendor Advisory"], "url": "http://secunia.com/advisories/21120"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://secunia.com/advisories/23680"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://securitytracker.com/id?1016536"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.osvdb.org/27418"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/440583/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/441082/100/0/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/archive/1/456546/100/200/threaded"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19060"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.securityfocus.com/bid/19062"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "http://www.vupen.com/english/advisories/2006/2880"}, {"source": "af854a3a-2127-422b-91ae-364da2661108", "url": "https://exchange.xforce.ibmcloud.com/vulnerabilities/27881"}], "sourceIdentifier": "cve@mitre.org", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "NVD-CWE-Other"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}