Home

Description

Nagios Log Server versions prior to 2026R1.0.1 are vulnerable to local privilege escalation due to a combination of sudo misconfiguration and group-writable application directories. The 'www-data' user is a member of the 'nagios' group, which has write access to '/usr/local/nagioslogserver/scripts', while several scripts in this directory are owned by root and may be executed via sudo without a password. A local attacker running as 'www-data' can move one of these root-owned scripts to a backup name and create a replacement script with attacker-controlled content at the original path, then invoke it with sudo. This allows arbitrary commands to be executed with root privileges, providing full compromise of the underlying operating system.

PUBLISHED Reserved 2025-04-15 | Published 2025-11-17 | Updated 2025-11-26 | Assigner VulnCheck




HIGH: 8.5CVSS:4.0/AV:L/AC:L/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N

Problem types

CWE-732 Incorrect Permission Assignment for Critical Resource

Product status

Default status
unaffected

Any version before 2026R1.0.1
affected

Timeline

2025-11-05:2026R1.0.1 is released

Credits

M. Cory Billington of theyhack.me finder

References

www.nagios.com/products/security/ vendor-advisory patch

www.nagios.com/...s-log-server/nagios-log-server-2026r1-0-1/ release-notes patch

www.vulncheck.com/...ion-via-writable-scripts-and-sudo-rules third-party-advisory

theyhack.me/Rooting-Nagios-Log-Server/ technical-description exploit

cve.org (CVE-2025-34323)

nvd.nist.gov (CVE-2025-34323)

Download JSON