CVE-2006-3589
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2006-3589
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Description
vmware-config.pl in VMware for Linux, ESX Server 2.x, and Infrastructure 3 does not check the return code from a Perl chmod function call, which might cause an SSL key file to be created with an unsafe umask that allows local users to read or modify the SSL key.
Source: NVD (National Vulnerability Database)
CVSS Information
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Type
N/A
Source: NVD (National Vulnerability Database)
Vulnerability Title
VMware 'vmware-config.pl'不安全SSL密钥文件漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
VMWare是一款虚拟PC软件,允许在一台机器上同时运行两个或多个Windows、DOS、LINUX系统。 VMWare的vmware-config.pl脚本可将密钥和证书文件的权限设置为安全的值,但这个脚本没有使用可报告失败错误的safe_chmod()子例程,而使用了Perl chmod()函数,且没有执行任何返回代码检查,因此如果chmod()失败的话用户不会得到警告。这可能导致系统中的任意本地用户都可以读取密钥文件,具体取决于所使用的umask。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| - | n/a | n/a | - |
II. Public POCs for CVE-2006-3589
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2006-3589
请登录查看更多情报信息。
- http://kb.vmware.com/kb/2467205x_refsource_CONFIRM
- http://www.vmware.com/support/esx25/doc/esx-254-200612-patch.htmlx_refsource_CONFIRM
- http://www.vmware.com/support/esx2/doc/esx-202-200612-patch.htmlx_refsource_CONFIRM
- http://www.vmware.com/support/esx25/doc/esx-253-200612-patch.htmlx_refsource_CONFIRM
- http://www.vmware.com/support/esx21/doc/esx-213-200612-patch.htmlx_refsource_CONFIRM
- https://nvd.nist.gov/vuln/detail/CVE-2006-3589
Same Patch Batch · n/a · 2006-07-19 · 46 CVEs total
| CVE-2006-3717 | Oracle E-Business Suite and Applications 安全漏洞 | |
| CVE-2006-3720 | Enterprise Config Management未明安全漏洞 | |
| CVE-2006-3722 | Oracle PeopleSoft Enterprise Portal存在未明安全漏洞 | |
| CVE-2006-3693 | Rocks Clusters本地特权提升漏洞 | |
| CVE-2006-3694 | Yukihiro Matsumoto Ruby多个SAFE等级限制绕过漏洞 | |
| CVE-2006-3695 | Tor 恶意的Tor server隐藏服务信息泄露漏洞 | |
| CVE-2006-3696 | Agnitum Outpost Firewall 'FiltNT.SYS' 本地拒绝服务漏洞 | |
| CVE-2006-3697 | Lavasoft Personal Firewall本地提权漏洞 | |
| CVE-2006-3724 | Oracle JD Edwards HTML Server OneWorld工具企业版工具未明影响和攻击漏洞 | |
| CVE-2006-3718 | Oracle Exchange for Oracle E-Business Suite and Applications 多个未明漏洞 | |
| CVE-2006-3719 | Repository for Oracle Enterprise Manager 未明安全向量 | |
| CVE-2006-3716 | Oracle E-Business Suite and Applications多个未明安全漏洞 | |
| CVE-2006-3715 | Oracle Collaboration Suite未明漏洞 | |
| CVE-2006-3714 | Oracle 2006年7月更新修复多个安全漏洞 | |
| CVE-2006-3713 | Oracle Application Server 未明安全漏洞 | |
| CVE-2006-3712 | Oracle Application Server OC4J 未明漏洞 | |
| CVE-2006-3711 | Oracle Application Server OC4J 未明安全漏洞 | |
| CVE-2006-3710 | Oracle Application Server OC4J 未明漏洞 | |
| CVE-2006-3709 | Server OC4J 存在未明安全漏洞,存在未明影响和攻击向量 | |
| CVE-2006-3708 | Oracle Application Server存在未明影响和攻击漏洞 |
Showing top 20 of 46 CVEs. View all on vendor page → →
IV. Related Vulnerabilities
Same vendor: n/a
- CVE-2026-8276
bettercap MySQL Server mysql_server.go integer coercion - CVE-2026-8275
bettercap zerogod IPP Service zerogod_ipp_primitives.go ippR - CVE-2026-8270
Open5GS SMF ogs_nas_parse_qos_rules denial of service - CVE-2026-8269
Open5GS SMF smf_nsmf_handle_create_sm_context denial of serv - CVE-2026-8268
Open5GS SMF OpenAPI_list_create denial of service
V. Comments for CVE-2006-3589
No comments yet