Article
Search:
RSS
VMware vmware-config.pl Insecure SSL Key File Permissions

Secunia Advisory: SA21120   
Release Date: 2006-07-19

Critical: Less critical

Impact: Exposure of sensitive information
 
Where: Local system
 
Solution Status: Vendor Workaround

 
OS:

VMware ESX Server 2.x
VMware ESX Server 3.x

 
Software:

VMware GSX Server 3.x
VMware Player 1.x
VMware Server 1.x
VMware Workstation 5.x

 
Description:
A security issue has been reported in VMware, which potentially can be exploited by malicious, local users to gain knowledge of sensitive information.

The problem is caused due to missing return code checks of the "chmod()" call in vmware-config.pl when setting permissions for SSL key files. This may potentially result in insecure read permissions being set on the key file.

Solution:
The vendor recommends to changing the file permissions (see vendor advisory).

Provided and/or discovered by: Reported by the vendor.

Original Advisory: http://kb.vmware.com/kb/2467205
 

Please note: The information, which this Secunia Advisory is based upon, comes from third party unless stated otherwise.

Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.

Published Wednesday, July 19, 2006 10:31 PM by David Marshall
Filed under:
Share this post: del.ici.ousDel.ici.ous Digg ThisDigg Newsvine ThisNewsvine Reddit ThisReddit Slashdot It!Slashdot TechnoratiTechnorati
Comments
There are no comments for this post.
To post a comment, you must be a registered user. Registration is free and easy! Sign up now!
CloudComputingImperative2012
CloudComputingWorldForum
Gov Tech Asia
CloudComputingWorldForum MEA
CloudComputingWorldForum Africa
vExpert
Calendar
<July 2006>
SuMoTuWeThFrSa
2526272829301
2345678
9101112131415
16171819202122
23242526272829
303112345
Tags
Archives
Links
Events
Platform Technology
Virtualization Sites