logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Possible Local Escalation of Privilege Vulnerability OS X running Carbon Black Response

Possible Local Escalation of Privilege Vulnerability OS X running Carbon Black Response

Issue

A vulnerability has been reported by a Carbon Black Response customer related to directory permissions set by the Carbon Black Response Installer when installing on MacOS.

The Carbon Black Response Installer leaves the /Application/CarbonBlack directory owned by <user> wheel with elevated permissions. This allows a process running as the user to replace the CbOsxSensorService with another file which can then be invoked by launchd as root/privileged.

Recommended Workaround

Change the permissions of /Applications/CarbonBlack to be root:wheel. For example from the terminal:

sudo chown root:wheel /Applications/CarbonBlack

Important Note(s)

Carbon Black will release a fix in our next release of the OS X Sensor.

Labels (1)
Labels:
Was this article helpful? Yes No
No ratings
Article Information
Author:
akramer
Creation Date:
‎09-30-2016
Views:
690
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.