CVE-2006-3589
CVSS 3.6
Published: 2006-07-21 10:03:00
Revised: 2011-03-07 21:39:02

[Original] vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.


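[CNNVD] VMware 'vmware-config.pl' insecure SSL key file vulnerability (CNNVD-200607-350)

        VMware is virtual PC software that allows two or more Windows, DOS, or Linux systems to run simultaneously on one machine.
        VMware's vmware-config.pl script is meant to set the permissions of the key and certificate files to secure values, but instead of the safe_chmod() subroutine, which reports failures, the script calls the Perl chmod() function and performs no return-code check, so the user is not warned if chmod() fails. Depending on the umask in use, this may leave the key file readable by any local user on the system.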

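- CVSS (base score)

CVSS score: 3.6 [LOW]
Confidentiality impact: PARTIAL [information disclosure is likely]
Integrity impact: PARTIAL [system files may be modified]
Availability impact: NONE [no impact on system availability]
Attack complexity: LOW [no access restrictions on exploitation]
Attack vector: LOCAL [exploitation requires physical access or a local account]
Authentication: NONE [exploitation requires no authentication]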

- CPE (affected platforms and products)

cpe:/a:vmware:esx_server:2.0_build_5257
cpe:/a:vmware:infrastructure:3    VMWare VMWare Infrastructure 3
cpe:/a:vmware:esx_server:2.0.1
cpe:/a:vmware:server:1.0.1_build_29996    VMWare VMware Server 1.0.1.29996
cpe:/a:vmware:esx_server:2.0.1_build_6403
cpe:/a:vmware:esx_server:2.5
cpe:/a:vmware:esx_server:2.0
cpe:/a:vmware:esx_server:2.1
cpe:/a:vmware:workstation:5.5.3    VMWare VMWare 5.5.3
cpe:/a:vmware:player    VMWare Player
cpe:/a:vmware:esx_server:2.1.2
cpe:/a:vmware:esx_server:2.5.2
cpe:/a:vmware:esx_server:2.1.1

- OVAL (technical details for detection)

No related OVAL definitions found

- Official database links

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
(Official data source) MITRE
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2006-3589
(Official data source) NVD
http://www.cnnvd.org.cn/vulnerability/show/cv_cnnvdid/CNNVD-200607-350
(Official data source) CNNVD

- Other links and resources

http://xforce.iss.net/xforce/xfdb/27881
(UNKNOWN)  XF  vmware-vmwareconfig-file-permissions(27881)
http://www.vupen.com/english/advisories/2006/2880
(UNKNOWN)  VUPEN  ADV-2006-2880
http://www.securityfocus.com/bid/19062
(UNKNOWN)  BID  19062
http://www.securityfocus.com/bid/19060
(UNKNOWN)  BID  19060
http://www.securityfocus.com/archive/1/archive/1/441082/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060725 Advisory: VMware Possible Incorrect Permissions On SSL Key Files
http://www.securityfocus.com/archive/1/archive/1/440583/100/0/threaded
(UNKNOWN)  BUGTRAQ  20060718 VMSA-2006-0003 VMware possible incorrect permissions on SSL key files
http://securitytracker.com/id?1016536
(UNKNOWN)  SECTRACK  1016536
http://secunia.com/advisories/21120
(VENDOR_ADVISORY)  SECUNIA  21120
http://kb.vmware.com/kb/2467205
(UNKNOWN)  CONFIRM  http://kb.vmware.com/kb/2467205
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
(UNKNOWN)  CONFIRM  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
http://www.securityfocus.com/archive/1/archive/1/456546/100/200/threaded
(UNKNOWN)  BUGTRAQ  20070110 VMware ESX server security updates
http://www.osvdb.org/27418
(UNKNOWN)  OSVDB  27418
http://secunia.com/advisories/23680
(UNKNOWN)  SECUNIA  23680

- Vulnerability information

VMware 'vmware-config.pl' insecure SSL key file vulnerability
Low severity  Design error
2006-07-21 00:00:00 2006-09-23 00:00:00
Local

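- Advisories and patches

        The vendor has not yet provided a patch or upgrade; users of this software are advised to watch the vendor's home page for the latest version: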
        http://www.vmware.com

- Vulnerability information (F53566)

VMware Security Advisory 2007-0001 (PacketStormID:F53566)
2007-01-13 00:00:00
VMware  vmware.com
advisory
CVE-2006-3589,CVE-2006-2937,CVE-2006-2940,CVE-2006-3738,CVE-2006-4339,CVE-2006-4343,CVE-2006-4980

VMware Security Advisory - The VMware ESX server has new patches released that address a slew of security issues.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2007-0001
Synopsis:          VMware ESX server security updates
Issue date:        2007-01-08
Updated on:        2007-01-08
CVE:               CVE-2006-3589 CVE-2006-2937 CVE-2006-2940
                   CVE-2006-3738 CVE-2006-4339 CVE-2006-4343
                   CVE-2006-4980
- -------------------------------------------------------------------

1. Summary:

Updated ESX Patches address several security issues.

2. Relevant releases:

VMware ESX 3.0.1 without patch ESX-9986131
VMware ESX 3.0.0 without patch ESX-3069097

VMware ESX 2.5.4 prior to upgrade patch 3
VMware ESX 2.5.3 prior to upgrade patch 6
VMware ESX 2.1.3 prior to upgrade patch 4
VMware ESX 2.0.2 prior to upgrade patch 4

3. Problem description:

Problems addressed by these patches:

a. Incorrect permissions on SSL key files generated by vmware-config
(CVE-2006-3589):

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

    A possible security issue with the configuration program
    vmware-config which could set incorrect permissions on SSL key
    files. Local users may be able to obtain access to the SSL key
    files. The Common Vulnerabilities and Exposures project
    (cve.mitre.org) assigned the name CVE-2006-3589 to this issue.

b. OpenSSL library vulnerabilities:

    ESX 3.0.1: corrected by ESX 3.0.1 Patch ESX-9986131
    ESX 3.0.0: corrected by ESX 3.0.0 Patch ESX-3069097
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

    (CVE-2006-2937) OpenSSL 0.9.7 before 0.9.7l and 0.9.8 before 0.9.8d
    allows remote attackers to cause a denial of service (infinite
    loop and memory consumption) via malformed ASN.1 structures that
    trigger an improperly handled error condition.

    (CVE-2006-2940) OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d,
    and earlier versions allows attackers to cause a denial of service
    (CPU consumption) via parasitic public keys with large (1) "public
    exponent" or (2) "public modulus" values in X.509 certificates that
    require extra time to process when using RSA signature verification.

    (CVE-2006-4339) OpenSSL before 0.9.7, 0.9.7 before 0.9.7k, and 0.9.8
    before 0.9.8c, when using an RSA key with exponent 3, removes PKCS-1
    padding before generating a hash, which allows remote attackers to
    forge a PKCS #1 v1.5 signature that is signed by that RSA key and
    prevents OpenSSL from correctly verifying X.509 and other
    certificates that use PKCS #1.

    (CVE-2006-4343) The get_server_hello function in the SSLv2 client
    code in OpenSSL 0.9.7 before 0.9.7l, 0.9.8 before 0.9.8d, and
    earlier versions allows remote servers to cause a denial of service
    (client crash) via unknown vectors that trigger a null pointer
    dereference.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2006-2937, CVE-2006-2940, CVE-2006-3738,
    CVE-2006-4339, and CVE-2006-4343 to these issues.

c. Updated OpenSSH package addresses the following possible security issues:

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by Patch ESX-3069097
    ESX 2.5.4: does not have these problems
    ESX 2.5.3: does not have these problems
    ESX 2.1.3: does not have these problems
    ESX 2.0.2: does not have these problems

    (CVE-2004-2069) sshd.c in OpenSSH 3.6.1p2 and 3.7.1p2 and possibly
    other versions, when using privilege separation, does not properly
    signal the non-privileged process when a session has been terminated
    after exceeding the LoginGraceTime setting, which leaves the
    connection open and allows remote attackers to cause a denial of
    service (connection consumption).

    (CVE-2006-0225) scp in OpenSSH 4.2p1 allows attackers to execute
    arbitrary commands via filenames that contain shell metacharacters
    or spaces, which are expanded twice.

    (CVE-2003-0386) OpenSSH 3.6.1 and earlier, when restricting host
    access by numeric IP addresses and with VerifyReverseMapping
    disabled, allows remote attackers to bypass "from=" and "user@host"
    address restrictions by connecting to a host from a system whose
    reverse DNS hostname contains the numeric IP address.

    (CVE-2006-4924) sshd in OpenSSH before 4.4, when using the version 1
    SSH protocol, allows remote attackers to cause a denial of service
    (CPU consumption) via an SSH packet that contains duplicate blocks,
    which is not properly handled by the CRC compensation attack
    detector.

    NOTE: ESX by default disables version 1 SSH protocol.

    (CVE-2006-5051) Signal handler race condition in OpenSSH before 4.4
    allows remote attackers to cause a denial of service (crash), and
    possibly execute arbitrary code if GSSAPI authentication is enabled,
    via unspecified vectors that lead to a double-free.

    NOTE: ESX doesn't use GSSAPI by default.

    (CVE-2006-5794) Unspecified vulnerability in the sshd Privilege
    Separation Monitor in OpenSSH before 4.5 causes weaker verification
    that authentication has been successful, which might allow attackers
    to bypass authentication.

    NOTE: as of 20061108, it is believed that this issue is only
    exploitable by leveraging vulnerabilities in the unprivileged
    process, which are not known to exist.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the names CVE-2004-2069, CVE-2006-0225, CVE-2003-0386,
    CVE-2006-4924, CVE-2006-5051, and CVE-2006-5794 to these issues.

d. Object reuse problems with newly created virtual disk (.vmdk or .dsk)
files:

    ESX 3.0.1: does not have this problem
    ESX 3.0.0: does not have this problem
    ESX 2.5.4: corrected by ESX 2.5.4 Upgrade Patch 3 (Build# 36502)
    ESX 2.5.3: corrected by ESX 2.5.3 Upgrade Patch 6 (Build# 35703)
    ESX 2.1.3: corrected by ESX 2.1.3 Upgrade Patch 4 (Build# 35803)
    ESX 2.0.2: corrected by ESX 2.0.2 Upgrade Patch 4 (Build# 35801)

    A possible security issue with virtual disk (.vmdk or .dsk) files
    that are newly created, but contain blocks from recently deleted
    virtual disk files.  Information belonging to the previously
    deleted virtual disk files could be revealed in newly created
    virtual disk files.

    VMware recommends the following workaround: When creating new
    virtual machines on an ESX Server that may contain sensitive
    data, use vmkfstools with the -W option. This initializes the
    virtual disk with zeros.  NOTE: ESX 3.x defines this option as -w.

e. Buffer overflow in Python function repr():

    ESX 3.0.1: corrected by Patch ESX-9986131
    ESX 3.0.0: corrected by ESX-3069097
    ESX 2.5.4: does not have this problem
    ESX 2.5.3: does not have this problem
    ESX 2.1.3: does not have this problem
    ESX 2.0.2: does not have this problem

    A possible security issue with how the Python repr()
    function handles UTF-32/UCS-4 strings. Python applications
    using this function can open a security vulnerability that could
    allow the execution of arbitrary code.

    The Common Vulnerabilities and Exposures project (cve.mitre.org)
    assigned the name CVE-2006-4980 to this issue.

4. Solution:

Please review the Patch notes for your version of ESX and verify the md5sum.

  ESX 3.0.1
  http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
  md5sum: 239375e107fd4c7af57663f023863fcb

  ESX 3.0.0
  http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
  md5sum: ca9947239fffda708f2c94f519df33dc

  ESX 2.5.4
  http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html
  md5sum: 239375e107fd4c7af57663f023863fcb

  ESX 2.5.3
  http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html
  md5sum: f90fcab28362edbf2311f3ca90cc7739

  ESX 2.1.3
  http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html
  md5sum: 7d7d0e40f4dccd5ca64b9c13a856da8f

  ESX 2.0.2
  http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html
  md5sum: 925e70f28d17714c53fdbd24de64329f


5. References:

ESX 3.0.0 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-3069097-patch.html
Knowledge base URL:  http://kb.vmware.com/kb/3069097

ESX 3.0.1 Patch URL:
http://www.vmware.com/support/vi3/doc/esx-9986131-patch.html
Knowledge base URL:  http://kb.vmware.com/kb/9986131

ESX 2.5.4 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.html

ESX 2.5.3 Patch URL:
http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.html

ESX 2.1.3 Patch URL:
http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.html

ESX 2.0.2 Patch URL:
http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.html

http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3589
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2937
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-2940
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-3738
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4339
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4343
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2006-4980

6. Contact:

http://www.vmware.com/security

VMware Security Response Policy
http://www.vmware.com/vmtn/technology/security/security_response.html

E-mail:  security@vmware.com

Copyright 2007 VMware Inc. All rights reserved.

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.6 (GNU/Linux)

iD8DBQFFovs16KjQhy2pPmkRCMfyAKCXhdGwZyXW5VzSwcOmu2NNXKN/OwCgo+CE
neFG0RikD74TCYeXKW6CBy4=
=9/6k
-----END PGP SIGNATURE-----


- Vulnerability information (F48405)

VMware Security Advisory 2006-0003 (PacketStormID:F48405)
2006-07-20 00:00:00
VMware  vmware.com
advisory,remote
linux
CVE-2006-3589

The VMWare configuration program may not correctly set file permissions on generated SSL Key files that are used for encrypting traffic for remote administrative connections. Affected software includes VMware Player for Linux, VMware Workstation for Linux, VMware Server for Linux, VMware ESX Server 2.x, and VMware Infrastructure 3.

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1


- -------------------------------------------------------------------
                   VMware Security Advisory

Advisory ID:       VMSA-2006-0003
Synopsis:          VMware possible incorrect permissions on SSL key files
			VMware Player for Linux
			VMware Workstation for Linux
			VMware Server for Linux
			VMware ESX Server 2.x
			VMware Infrastructure 3

			NOT VULNERABLE: VMware Player for Windows
			NOT VULNERABLE: VMware Workstation for Windows
			NOT VULNERABLE: VMware Server for Windows
VMTN Knowledge Base URL: http://kb.vmware.com/kb/2467205
Issue date:        2006-07-18
Updated on:        2006-07-18
CVE Name:          CVE-2006-3589
- -------------------------------------------------------------------

1. Summary:

The configuration program, vmware    

- Vulnerability information

27418
VMware vmware-config.pl SSL Key File Permission Weakness
Local Access Required Information Disclosure
Loss of Confidentiality
Exploit Public Vendor Verified

- Vulnerability description

VMware ESX Server, VMware GSX Server, VMware Player, VMware Server, and VMware Workstation utilize a flawed vmware-config.pl script that may lead to an unauthorized information disclosure. Under certain circumstances, the vmware-config.pl script may set weak file permissions on the SSL key used by VMware to encrypt console and management communications. If this key file is accessed by unauthorized users, it can be used to attack and decrypt the SSL communications of the affected VMware product, leading to a loss of confidentiality. This issue is not valid for VMware products running under the Windows operating system.

- Timeline

2006-07-18 2006-06-01
2006-07-18 Unknown

- Solution

Upgrade to the latest VMware version (ESX 3.0.1, Server 1.0.3, Workstation 6.0), as it has been reported to fix this vulnerability. Additionally, the vendor has released a patch to address this issue, or users may opt to apply the following workaround: Assuming VMware has been installed with the default paths, these two commands (executed as root) will set the proper file permissions on the SSL key files:

    chmod 400 /etc/vmware/ssl/rui.key
    chmod 444 /etc/vmware/ssl/rui.crt
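
The workaround above, written out as an added shell example (not VMware's code and not part of the original advisory): it checks the modes of the two files, repairs them, and treats a failed chmod as an error, which is the return-code check this entry says vmware-config.pl omitted. The function names and the scratch-directory demo are assumptions for illustration; the default paths and modes are the ones given in the workaround.

```shell
#!/bin/sh
# Added example: audit the SSL key files named in the workaround and repair
# their modes, treating a failed chmod as an error instead of ignoring it.
# Function names are hypothetical; paths and modes come from the workaround.

# Print the octal permission bits of a file (GNU stat, then BSD stat).
file_mode() {
    stat -c '%a' "$1" 2>/dev/null || stat -f '%Lp' "$1"
}

# enforce_mode PATH MODE
# Returns 0 if PATH ends up with exactly MODE, 1 if chmod fails or the mode
# still differs afterwards, 2 if PATH does not exist.
enforce_mode() {
    em_path=$1
    em_want=$2
    if [ ! -e "$em_path" ]; then
        echo "MISSING $em_path" >&2
        return 2
    fi
    em_have=$(file_mode "$em_path") || return 1
    [ "$em_have" = "$em_want" ] && return 0
    echo "WEAK    $em_path has mode $em_have, expected $em_want" >&2
    # The check the vulnerable script skipped: act on chmod's exit status.
    if ! chmod "$em_want" "$em_path"; then
        echo "FAILED  chmod $em_want $em_path" >&2
        return 1
    fi
    # Do not trust the call alone; re-read the mode and compare.
    [ "$(file_mode "$em_path")" = "$em_want" ]
}

# audit_ssl_dir [DIR]: check both files; non-zero if either is not secured.
audit_ssl_dir() {
    asd_dir=${1:-/etc/vmware/ssl}
    asd_rc=0
    enforce_mode "$asd_dir/rui.key" 400 || asd_rc=1
    enforce_mode "$asd_dir/rui.crt" 444 || asd_rc=1
    return "$asd_rc"
}

# Demo on constructed files in a scratch directory (not a real installation):
# a permissive umask leaves both files at 644 until the audit repairs them.
demo() {
    demo_dir=$(mktemp -d) || return 1
    ( umask 022; : > "$demo_dir/rui.key"; : > "$demo_dir/rui.crt" )
    demo_rc=0
    audit_ssl_dir "$demo_dir" || demo_rc=1
    echo "key=$(file_mode "$demo_dir/rui.key") crt=$(file_mode "$demo_dir/rui.crt") rc=$demo_rc"
    rm -rf "$demo_dir"
    return "$demo_rc"
}

demo
```

On a real host, run `audit_ssl_dir` as root with no argument to use the default path, and alert on a non-zero exit status.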

- Vulnerability information

VMware Information Disclosure Vulnerability
Failure to Handle Exceptional Conditions 19060
No Yes
2006-07-18 12:00:00 2007-01-09 07:02:00
Nick Breese and security-assessment.com are credited with the discovery of this vulnerability.

- Affected program versions

VMWare Workstation for Linux 0
VMWare Server for Linux 0
VMWare Player for Linux 0
VMWare ESX Server 2.5.2
VMWare ESX Server 2.5
VMWare ESX Server 2.1.2
VMWare ESX Server 2.1.1
VMWare ESX Server 2.1
VMWare ESX Server 2.0.1 build 6403
VMWare ESX Server 2.0.1
VMWare ESX Server 2.0 build 5257
VMWare ESX Server 2.0
VMWare Workstation 5.5.1 Build 19175
VMWare Workstation 5.0 .0 build-13124
VMWare Workstation 4.5.2
VMWare Workstation 4.5.2
VMWare Workstation 4.0.2
VMWare Workstation 4.0.1
VMWare Workstation 4.0
VMWare Workstation 3.4
VMWare Workstation 3.2.1 patch 1
VMWare VMWare 3.0
VMWare VMWare 2.0
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.3
- Caldera OpenLinux 2.3
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 8.0
- Red Hat Linux 6.2
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 7.0
- RedHat Linux 6.1
- RedHat Linux 5.2
- RedHat Linux 5.2
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.2
- S.u.S.E. Linux 6.2
- S.u.S.E. Linux 6.1
- S.u.S.E. Linux 6.1
- S.u.S.E. Linux 6.0
- S.u.S.E. Linux 6.0
VMWare VMWare 1.1.2
VMWare VMWare 1.1.1
VMWare VMWare 1.1
VMWare VMWare 1.0.2
VMWare VMWare 1.0.1
VMWare Player

- Unaffected program versions

VMWare Workstation 5.5.1 Build 19175
VMWare Workstation 5.0 .0 build-13124
VMWare Workstation 4.5.2
VMWare Workstation 4.5.2
VMWare Workstation 4.0.2
VMWare Workstation 4.0.1
VMWare Workstation 4.0
VMWare Workstation 3.4
VMWare Workstation 3.2.1 patch 1
VMWare VMWare 3.0
VMWare VMWare 2.0
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.4
- Caldera OpenLinux 2.3
- Caldera OpenLinux 2.3
- Mandriva Linux Mandrake 8.0
- Mandriva Linux Mandrake 8.0
- Red Hat Linux 6.2
- Red Hat Linux 6.2
- RedHat Linux 7.1
- RedHat Linux 7.1
- RedHat Linux 7.0
- RedHat Linux 7.0
- RedHat Linux 6.1
- RedHat Linux 5.2
- RedHat Linux 5.2
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.1
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 7.0
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.4
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.3
- S.u.S.E. Linux 6.2
- S.u.S.E. Linux 6.2
- S.u.S.E. Linux 6.1
- S.u.S.E. Linux 6.1
- S.u.S.E. Linux 6.0
- S.u.S.E. Linux 6.0
VMWare VMWare 1.1.2
VMWare VMWare 1.1.1
VMWare VMWare 1.1
VMWare VMWare 1.0.2
VMWare VMWare 1.0.1
VMWare Player

- Vulnerability discussion

VMware is prone to an information-disclosure vulnerability because the software sets insecure permissions on SSL key and certificate files.

If an attacker can gain access to SSL key files used to encrypt remote administrative connections, they can decrypt this traffic.

VMware Player for Linux, VMware Workstation for Linux, VMware Server for Linux, and VMware Infrastructure 3 are reported vulnerable.

- Exploit

Attackers can exploit this issue using a Windows or UNIX command shell, along with readily available tools that monitor network traffic.

- Solution

Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: vuldb@securityfocus.com.
