Knowledge Base

The VMware Knowledge Base provides support solutions, error messages and troubleshooting guides

Search the VMware Knowledge Base (KB)

View by Article ID

The Configuration Program vmware-config Might Set Incorrect Permissions on SSL Key Files (2467205)

Details

In /usr/bin/vmware-config.pl, code sets permissions on the key and certificate files to safe values. However, this script does not use the safe_chmod() subroutine that reports errors on failure. Instead, it uses the native Perl chmod() function without any return code checking. Because the safe_chmod() subroutine is not used and no return code checks are performed, the user is not alerted if chmod() fails. If umask is used at the time, the result might leave the key file readable to any local user on the system.

Note: In ESX Server 2.5.x, the affected files include /usr/bin/vmware-config.pl and /usr/bin/vmware-config-mui.pl.

Solution

Manually change the permissions on the key and certificate to their intended values. The following commands are appropriate on a default installation:

# chmod 400 /etc/vmware/ssl/rui.key
# chmod 444 /etc/vmware/ssl/rui.crt

Keywords

security; ssl; alertz

Request a Product Feature

To request a new product feature or to provide feedback on a VMware product, please visit the Request a Product Feature page.

Feedback

1 2 3 4 5
0 Ratings

1 2 3 4 5
0 Ratings

Actions

Bookmark Document

KB:

Did this article help you?
This article resolved my issue. This article did not resolve my issue. This article helped but additional information was required to resolve my issue.
What can we do to improve this information? (4000 or fewer characters)