随笔 - 639, 文章 - 19, 评论 - 34, 阅读 - 115万
  博客园  :: 首页  :: 管理

Open Management Infrastructure (OMI) Elevation of Privilege Vulnerability for March 2024

 

Threat 威胁 :

"Open Management Infrastructure (OMI) is an open-source Web-Based Enterprise Management (WBEM) implementation for managing Linux and UNIX systems. SCOM uses this framework to orchestrate configuration management and log collection on Linux VMs. 

Affected Software: 
System Center Operations Manager (SCOM) 2019 
System Center Operations Manager (SCOM) 2022 

QID Detection Logic (Authenticated): 
The QID checks for vulnerable version of Open Management Infrastructure (OMI version prior to v1.8.1-0 are affected)."

 

Impact 影响:

Successful exploitation of this vulnerability will locally elevate the attacker's privileges to communicate as Root with OMI server.

 

Result 检查的结果

"Package Installed Version Required Version
omi 1.7.3-0.x86_64 1.8.1-0#"

 

Solution 解决方案:

Users are advised to check the advisory (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330) for more information. 
 Patch: 
Following are links for downloading patches to fix the vulnerabilities:
  CVE-2024-21330 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21330)  CVE-2024-21334 (https://msrc.microsoft.com/update-guide/vulnerability/CVE-2024-21334)

 

最后笔者在 微软的 官方文档中,找到 【Linux Software Repository for Microsoft Products】相关的仓库,并将OMI升级到 1.9.1 版本,直接rpm -ivh 安装升级即可

7287aad50de4a64655a1efc71fcbf8a6  omi-1.9.1-0.x86_64.rpm

 

 

 

尊重别人的劳动成果 转载请务必注明出处:https://www.cnblogs.com/5201351/p/18594442

 

相关博文:
阅读排行:
· CSnakes vs Python.NET:高效嵌入与灵活互通的跨语言方案对比
· DeepSeek “源神”启动!「GitHub 热点速览」
· 我与微信审核的“相爱相杀”看个人小程序副业
· Plotly.NET 一个为 .NET 打造的强大开源交互式图表库
· 上周热点回顾(2.17-2.23)
点击右上角即可分享
微信分享提示