CVE-2019-3698

Summary

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

Affected Software

VendorProductVersion RangeStatus
SUSESUSE Linux Enterprise Server 12nagios <= 3.5.1-5.27affected
SUSESUSE Linux Enterprise Server 11nagios <= 3.0.6-1.25.36.3.1affected
openSUSEFactorynagios <= 4.4.5-2.1affected

Weaknesses

  • CWE-59: CWE-59: Improper Link Resolution Before File Access ('Link Following')

ADP Enrichment

CVE Program Container

Additional References

References