PT-2020-10914 · Nagios+1 · Nagios+1

Matthias Gerstner

Published

2020-02-28

Updated

2024-06-15

CVE-2019-3698

CVSS v3.1

7.0

High

Vector

AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions nagios versions prior to 3.5.1-5.27 nagios versions prior to 3.0.6-1.25.36.3.1 nagios versions prior to 4.4.5-2.1

Description The issue affects the cronjob shipped with nagios, allowing local attackers to cause a denial of service or potentially escalate privileges by winning a race. This is a result of a UNIX Symbolic Link (Symlink) Following vulnerability.

Recommendations For nagios versions prior to 3.5.1-5.27, update to a version later than 3.5.1-5.27. For nagios versions prior to 3.0.6-1.25.36.3.1, update to a version later than 3.0.6-1.25.36.3.1. For nagios versions prior to 4.4.5-2.1, update to a version later than 4.4.5-2.1. As a temporary workaround, consider restricting access to the vulnerable cronjob until a patch is available.

Exploit

Fix

DoS

Link Following

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-59

Related Identifiers

CVE-2019-3698

OPENSUSE-SU-2020:0500-1

OPENSUSE-SU-2020:0517-1

OPENSUSE-SU-2020_0500-1

OPENSUSE-SU-2024:11073-1

SUSE-SU-2022:3576-1

SUSE-SU-2024:1629-1

Affected Products

Suse

Nagios

PT-2020-10914 · Nagios+1 · Nagios+1

CVE-2019-3698

Weakness Enumeration

Related Identifiers

Affected Products

References · 38