关键漏洞信息 漏洞标题 Nagios XI < 2011R1.9 Race Conditions in Crontab Install Scripts LPE 严重性 HIGH 发布日期 October 30, 2025 影响版本 XI < 2011R1.9 CVE编号 CVE-2011-10035 CWE类型 CWE-367 Time-of-check Time-of-use (TOCTOU) Race Condition CVSS评分 7.3 CVSS V4向量 CVSS:4.0/AV:L/AC:H/AT:N/PR:L/UI:N/VC:H/VI:H/VA:H/SC:N/SE:N/SA:N 参考链接 Nagios XI Changelog 描述 Nagios XI versions prior to 2011R1.9 contain privilege escalation vulnerabilities in the scripts that install or update system crontab entries. Due to time-of-check/time-of-use race conditions and missing synchronization or final-path validation, a local low-privileged user could manipulate filesystem state during crontab installation to influence the files or commands executed with elevated privileges, resulting in execution with higher privileges.