Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability for March 2024
Posted on 2024-12-09 11:03 520_1351 阅读(25) 评论(0) 编辑 收藏 举报Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability for March 2024
Threat 威胁 :
"Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. Affected Software: System Center Operations Manager (SCOM) 2019 System Center Operations Manager (SCOM) 2022 QID Detection Logic (Authenticated): The QID checks for vulnerable version of Open Management Infrastructure (OMI version prior to v1.8.1-0 are affected)."
Impact 影响:
Successful exploitation of this vulnerability will locally elevate the attacker's privileges to communicate as Root with OMI server.
Result 检查的结果
"Package Installed Version Required Version omi 1.7.3-0.x86_64 1.8.1-0#"
Solution 解决方案:
Users are advised to check the advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330) for more information. Patch: Following are links for downloading patches to fix the vulnerabilities: CVE-2024-21330 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330) CVE-2024-21334 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334)
最后笔者在 微软的 官方文档中,找到 【Linux Software Repository for Microsoft Products】相关的仓库,并将OMI升级到 1.9.1 版本,直接rpm -ivh 安装升级即可
7287aad50de4a64655a1efc71fcbf8a6 omi-1.9.1-0.x86_64.rpm
尊重别人的劳动成果 转载请务必注明出处:https://www.cnblogs.com/5201351/p/18594442
作者:一名卑微的IT民工
出处:https://www.cnblogs.com/5201351
本博客所有文章仅用于学习、研究和交流目的,欢迎非商业性质转载。
由于博主的水平不高,文章没有高度、深度和广度,只是凑字数,不足和错误之处在所难免,希望大家能够批评指出。
博主是利用读书、参考、引用、复制和粘贴等多种方式打造成自己的文章,请原谅博主成为一个卑微的IT民工!
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】凌霞软件回馈社区,博客园 & 1Panel & Halo 联合会员上线
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】博客园社区专享云产品让利特惠,阿里云新客6.5折上折
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· DeepSeek “源神”启动!「GitHub 热点速览」
· 我与微信审核的“相爱相杀”看个人小程序副业
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库
· 上周热点回顾(2.17-2.23)