There was a recently published vulnerability in sudo with information listed in CVE-2021-3156, information here:
The remediation suggested by Qualys has been to upgrade sudo on the machine to 1.9.5p2.
What version of sudo is the VRA Linux deployment using? If it’s different depending on the Zerto version, is there a list available? We have a client requesting information and resolution to this, is upgrading it something we have permissions to do or would it require assistance from a Zerto engineer?
The VRAs are Debian 9, stripped VMs; this means a lot of the normal functionalities will not be present. Sudo is not installed on the VRAs. You can run “apt list --installed” on the VRA; that will display all packages installed, and sudo is not one of them.
You can run these checks by logging onto the VRA as detailed in the following KB:
Hope this is helpful, thank you.
Thank you Joseph for the fast response!