Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Because of time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in privilege escalation.

| Software | From | Fixed in |
|---|---|---|
| nagios / nagios_xi | - | 2009.x |
| nagios / nagios_xi | 2011-r1 | 2011-r1.x |
| nagios / nagios_xi | 2011-r1.1 | 2011-r1.1.x |
| nagios / nagios_xi | 2011-r1.2 | 2011-r1.2.x |
| nagios / nagios_xi | 2011-r1.3 | 2011-r1.3.x |
| nagios / nagios_xi | 2011-r1.4 | 2011-r1.4.x |
| nagios / nagios_xi | 2011-r1.5 | 2011-r1.5.x |
| nagios / nagios_xi | 2011-r1.6 | 2011-r1.6.x |
| nagios / nagios_xi | 2011-r1.7 | 2011-r1.7.x |
| nagios / nagios_xi | 2011-r1.8 | 2011-r1.8.x |
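
A privileged installer avoids the race class described above by validating the opened descriptor instead of the path, serializing concurrent installers, and replacing the target atomically. The following Python is an added example, not Nagios XI code; the function names, the `trusted_uid` ownership check and the permission policy are assumptions chosen for illustration (Linux/POSIX only).

```python
import fcntl
import os
import stat


class UnsafeSource(Exception):
    """Raised when the staged file fails validation on its open descriptor."""


def read_validated(path, trusted_uid):
    # O_NOFOLLOW refuses a symlink as the final component; every later check
    # uses the descriptor, so the object checked is the object read.
    try:
        fd = os.open(path, os.O_RDONLY | os.O_NOFOLLOW)
    except OSError as exc:
        raise UnsafeSource(f"cannot open without following links: {exc}")
    try:
        st = os.fstat(fd)
        if not stat.S_ISREG(st.st_mode):
            raise UnsafeSource("not a regular file")
        if st.st_uid != trusted_uid:
            raise UnsafeSource("unexpected owner")
        if st.st_mode & (stat.S_IWGRP | stat.S_IWOTH):
            raise UnsafeSource("group- or world-writable")
        with os.fdopen(os.dup(fd), "rb") as fh:
            return fh.read()
    finally:
        os.close(fd)


def install_entry(staged, dest_dir, name, trusted_uid):
    data = read_validated(staged, trusted_uid)
    # Pin the destination directory by descriptor and serialize installers.
    dfd = os.open(dest_dir, os.O_RDONLY | os.O_DIRECTORY | os.O_NOFOLLOW)
    try:
        fcntl.flock(dfd, fcntl.LOCK_EX)
        tmp = f".{name}.{os.getpid()}.tmp"
        # O_EXCL fails if anything (including a planted link) already exists.
        out = os.open(tmp, os.O_WRONLY | os.O_CREAT | os.O_EXCL | os.O_NOFOLLOW,
                      0o600, dir_fd=dfd)
        with os.fdopen(out, "wb") as fh:
            fh.write(data)
            fh.flush()
            os.fsync(fh.fileno())
        # Atomic rename inside the pinned directory replaces the old entry.
        os.rename(tmp, name, src_dir_fd=dfd, dst_dir_fd=dfd)
    finally:
        os.close(dfd)  # closing the descriptor releases the lock
    return data
```

The destination directory itself must be writable only by the privileged account; the descriptor-based checks do not compensate for an attacker-writable parent directory.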