← Back

CVE-2019-3698

nvd nist
Published: Feb 28, 2020Modified: Nov 21, 2024

JSON object

Loading...
7.0
Vector
CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
Exploitability: 1.0 / Impact: 5.9
Source: NVD

Description

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

Affected (4)

Nagios
1 product
Nagios
Opensuse
2 products
Backports Sle
Leap
Configuration A
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nagios
Before 3.5.1
Running on/withPlatform Versions
Suse
Linux Enterprise Server
Version 12
Configuration B
1 vulnerable · 1 platform
Vulnerable SoftwareAffected Versions
Nagios
Before 3.0.6
Running on/withPlatform Versions
Suse
Linux Enterprise Server
Version 11
Configuration C
2 vulnerable
Vulnerable SoftwareAffected Versions
Backports Sle
Version 15.0 sp1
Leap
Version 15.1

Related CWEs

CWE-59
Improper Link Resolution Before File Access ('Link Following')
The product attempts to access a file based on the filename, but it does not properly prevent that filename from identifying a link or shortcut that resolves to an unintended resource.

References (6)

Source: meissner@suse.de
Mailing ListThird Party Advisory
Source: meissner@suse.de
Mailing ListThird Party Advisory
Source: meissner@suse.de
ExploitIssue TrackingPatchVendor Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
Mailing ListThird Party Advisory
Source: af854a3a-2127-422b-91ae-364da2661108
ExploitIssue TrackingPatchVendor Advisory

Timeline

No history available yet.