CVE-2019-3698
Published: 28 February 2020
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
Notes
Author | Note |
---|---|
mdeslaur | this is a vulnerability in a SUSE-specific cron job |
Priority
CVSS 3 base score: 7.0
Status
Package | Release | Status |
---|---|---|
icinga Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
eoan |
Not vulnerable
(code not present)
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|
|
nagios3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
eoan |
Does not exist
|
|
precise |
Does not exist
|
|
trusty |
Does not exist
|
|
upstream |
Needs triage
|
|
xenial |
Not vulnerable
(code not present)
|