CVE-2019-3698
Published: 28 February 2020
UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.
Notes
| Author | Note |
|---|---|
| mdeslaur | this is a vulnerability in a SUSE-specific cron job |
Priority
Medium
CVSS 3 base score: 7.0
Status
| Package | Release | Status |
|---|---|---|
|
icinga Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| eoan |
Not vulnerable
(code not present)
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|
|
|
nagios3 Launchpad, Ubuntu, Debian |
bionic |
Not vulnerable
(code not present)
|
| eoan |
Does not exist
|
|
| precise |
Does not exist
|
|
| trusty |
Does not exist
|
|
| upstream |
Needs triage
|
|
| xenial |
Not vulnerable
(code not present)
|