nagios cron job allows privilege escalation from user nagios to root

CVE-2019-3698

5.7MEDIUM

Key Information

Vendor: Suse
Status: Suse Linux Enterprise Server 12; Suse Linux Enterprise Server 11; Factory
Vendor: CVE Published:; 28 February 2020

Summary

UNIX Symbolic Link (Symlink) Following vulnerability in the cronjob shipped with nagios of SUSE Linux Enterprise Server 12, SUSE Linux Enterprise Server 11; openSUSE Factory allows local attackers to cause cause DoS or potentially escalate privileges by winning a race. This issue affects: SUSE Linux Enterprise Server 12 nagios version 3.5.1-5.27 and prior versions. SUSE Linux Enterprise Server 11 nagios version 3.0.6-1.25.36.3.1 and prior versions. openSUSE Factory nagios version 4.4.5-2.1 and prior versions.

Affected Version(s)

SUSE Linux Enterprise Server 12 <= 3.5.1-5.27

SUSE Linux Enterprise Server 11 <= 3.0.6-1.25.36.3.1

Factory <= 4.4.5-2.1

CVSS V3.1

Score:

5.7

Severity:

MEDIUM

Confidentiality:

High

Integrity:

None

Availability:

Low

Attack Vector:

Local

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

Risk change from: 7 to: 5.7 - (MEDIUM)
Feb 22, 2024
Vulnerability published.
Feb 28, 2020
Vulnerability Reserved.
Jan 3, 2019

Collectors

NVD DatabaseMitre Database

Credit

Matthias Gerstner