Strix
26.1K

CVE-2006-3589

UnknownEPSS 0.43%

Last modified

CVE-2006-3589 is a vulnerability of currently unknown severity. vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.. EPSS estimates a 0.43% chance of exploitation in the next 30 days.

Description

vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.

Metrics

EPSS Probability
0.43%

34.2th percentile

Probability of exploitation in the next 30 days. Learn more

Affected Software

VendorProductVersions
VmwareInfrastructure3
VmwarePlayerAll versions
VmwareServer1.0.1_build_29996
VmwareWorkstation5.5.3
VmwareEsx2.0
VmwareEsx2.0.1
VmwareEsx2.1
VmwareEsx2.1.1
VmwareEsx2.1.2
VmwareEsx2.5
VmwareEsx2.5.2

References

Timeline

Published
Last Modified
Status
Modified

Frequently Asked Questions

What is CVE-2006-3589?
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
How severe is CVE-2006-3589?
Severity scoring for CVE-2006-3589 is pending analysis. The EPSS model estimates a 0.43% probability of exploitation in the next 30 days.
How do I fix CVE-2006-3589?
Check the vendor references and advisories linked above for patched versions and mitigation guidance. You can also run a Strix scan to test if your systems are affected.

Are you affected by CVE-2006-3589?

Run a free Strix scan to check your systems for this vulnerability.

Scan your code now

Source: NVD / NIST