Your submission was sent successfully! Close

CVE-2019-3698

Published: 28 February 2020

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

Notes

AuthorNote
mdeslaur
this is a vulnerability in a SUSE-specific cron job
Priority

Medium

CVSS 3 base score: 7.0

Status

Package Release Status
icinga
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
eoan Not vulnerable
(code not present)
precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)
nagios3
Launchpad, Ubuntu, Debian
bionic Not vulnerable
(code not present)
eoan Does not exist

precise Does not exist

trusty Does not exist

upstream Needs triage

xenial Not vulnerable
(code not present)