All Products: Are Carbon Black products Vulnerable to CVE-2021-3156

Article ID: 287725

Updated On:

Products

  • Carbon Black App Control (formerly Cb Protection)
  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
  • Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Are Carbon Black products vulnerable to CVE-2021-3156?

Environment

  • All Products:  All Supported Versions
  • Linux:  All Supported Versions 
  • macOS:  All Supported Versions

Resolution

CVE-2021-3156 identifies a vulnerability in sudo, which is provided by the underlying OS, that allows privilege escalation to root via a heap-based buffer overflow. Any Linux or macOS machine running a version of sudo prior to 1.9.5p2 is vulnerable, including machines running Carbon Black sensors/agents and servers running EDR clusters or single servers. You can confirm the version of sudo on your Linux/macOS machine by executing the following:
sudo sudo -V
Contact your OS vendor for details on the availability of sudo 1.9.5p2 or higher for your OS, since sudo is a component of the OS and not of the Carbon Black product.
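
The version check described above can be scripted for use across many hosts. The following is an added example, not Carbon Black code; the function names are hypothetical and the sample lines are constructed. It compares the first line of `sudo -V` output with 1.9.5p2, treating the "pN" suffix as a patch level.

```shell
#!/bin/sh
# Added example (not vendor code): compare a sudo version with the fixed release.
FIXED="1.9.5p2"   # threshold stated in this article

# Pull the version token out of the first line of `sudo -V` output.
sudo_ver_from_output() {
    printf '%s\n' "$1" | sed -n '1s/^Sudo version \([0-9][0-9A-Za-z.]*\).*$/\1/p'
}

# Return 0 (true) when version $1 is older than version $2.
# "1.9.5p2" sorts as major.minor.micro plus patch level; a missing "pN" ranks
# below p1, and beta/rc builds ("1.9.5b1") rank below the plain release.
sudo_ver_lt() {
    awk -v a="$1" -v b="$2" '
    function key(v,   p, f) {
        p = 0
        if (match(v, /p[0-9]+$/)) { p = substr(v, RSTART + 1) + 0; v = substr(v, 1, RSTART - 1) }
        else if (match(v, /(b|rc)[0-9]+$/)) { p = -1; v = substr(v, 1, RSTART - 1) }
        split(v, f, ".")
        # Zero-padded fields so a plain string comparison orders versions.
        return sprintf("%05d%05d%05d%05d", f[1], f[2], f[3], p + 1)
    }
    BEGIN { exit !(key(a) < key(b)) }'
}

# Print a one-line verdict for a captured `sudo -V` output.
assess_sudo() {
    ver=$(sudo_ver_from_output "$1")
    if [ -z "$ver" ]; then
        echo "unknown: could not parse version"
    elif sudo_ver_lt "$ver" "$FIXED"; then
        echo "$ver older than $FIXED: check vendor advisory"
    else
        echo "$ver at or above $FIXED"
    fi
}

# Constructed sample first lines of `sudo -V` output (not taken from real hosts).
for line in "Sudo version 1.8.31p2" "Sudo version 1.9.5p1" \
            "Sudo version 1.9.5p2" "Sudo version 1.9.15p5"; do
    assess_sudo "$line"
done
```

On a live host, pass the real output with `assess_sudo "$(sudo -V)"`. Some OS vendors ship the fix as a backport under an older version string, so an "older than" result should be confirmed against the vendor's package advisory.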

Additional Information

RedHat: https://access.redhat.com/security/cve/CVE-2021-3156
Sudo Website: https://www.sudo.ws/sudo/