Vulnerability Details : CVE-2006-3589
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Exploit prediction scoring system (EPSS) score for CVE-2006-3589
Probability of exploitation activity in the next 30 days: 0.05%
Percentile, the proportion of vulnerabilities that are scored at or less: ~ 18 % EPSS Score History EPSS FAQ
CVSS scores for CVE-2006-3589
| Base Score | Base Severity | CVSS Vector | Exploitability Score | Impact Score | Score Source |
|---|---|---|---|---|---|
|
3.6
|
LOW | AV:L/AC:L/Au:N/C:P/I:P/A:N |
3.9
|
4.9
|
NIST |
References for CVE-2006-3589
-
https://exchange.xforce.ibmcloud.com/vulnerabilities/27881
- http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
-
http://www.securityfocus.com/archive/1/440583/100/0/threaded
- http://www.securityfocus.com/archive/1/456546/100/200/threaded
-
http://www.securityfocus.com/bid/19060
-
http://kb.vmware.com/kb/2467205
-
http://www.vupen.com/english/advisories/2006/2880
- http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
- http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
-
http://www.securityfocus.com/bid/19062
-
http://www.securityfocus.com/archive/1/441082/100/0/threaded
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
-
http://securitytracker.com/id?1016536
Products affected by CVE-2006-3589
- cpe:2.3:a:vmware:workstation:5.5.3:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:player:*:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:server:1.0.1_build_29996:*:*:*:*:*:*:*
- cpe:2.3:a:vmware:infrastructure:3:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.5:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.5.2:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.0.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.1.1:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.1.2:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.0:*:*:*:*:*:*:*
- cpe:2.3:o:vmware:esx:2.1:*:*:*:*:*:*:*