CVE-2011-10035 | THREATINT

Description

Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges.

PUBLISHED Reserved 2025-10-28 | Published 2025-10-30 | Updated 2025-10-31 | Assigner VulnCheck

HIGH: 7.3CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition

Product status

Default status

unaffected

Any version before 2011R1.9

affected

Credits

0a29406d9794e4f9b30b3c5d6702c708 finder

References

www.nagios.com/changelog/nagios-xi/ release-notes patch

www.vulncheck.com/...onditions-in-crontab-install-script-lpe third-party-advisory

cve.org (CVE-2011-10035)

nvd.nist.gov (CVE-2011-10035)

Download JSON