Environment
- All Products: All Supported Versions
- Linux: All Supported Versions
- macOS: All Supported Versions
Question
Are Carbon Black products vulnerable to CVE-2021-3156?
Answer
CVE-2021-3156 identifies an exploit in the sudo library provided by the underlying OS that allows privilege escalation to root via a heap-based buffer overflow. Any linux or macOS machines running a version of sudo prior to 1.9.5p2 is vulnerable, including those running Carbon Black sensors/agents and servers running EDR clusters/single servers. You may confirm the version of sudo on your linux/macOS machine by executing the following:
sudo sudo -V
Contact your OS vendor for details of availability of sudo 1.9.5p2 or higher for your OS since sudo is a component of the OS, and not the CarbonBlack product.
Additional Notes
Related Content