CVE-2019-3698

Description

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

CVSS breakdown

CVSS 3.1

Attack Vector

Local

Attack Complexity

High

Privileges Required

None

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

None

Availability

Low

Affected products

openSUSE / Factorynagios – 4.4.5-2.1
SUSE / SUSE Linux Enterprise Server 11nagios – 3.0.6-1.25.36.3.1
SUSE / SUSE Linux Enterprise Server 12nagios – 3.5.1-5.27

References

MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00014.html
MAILING_LISThttp://lists.opensuse.org/opensuse-security-announce/2020-04/msg00022.html
MISChttps://bugzilla.suse.com/show_bug.cgi?id=1156309