Microsoft Open Management Infrastructure < 1.6.8.1 Multiple Vulnerabilities

Hi Team,

There is a 9.6 VPR rating vulnerability which is affecting Linux servers in the environment.

I am looking to find out if a Fixlet to address this vulnerability will be uploaded to BigFix, or if we need to create a custom Fixlet for the same to fix this issue.

Description
The version of Azure Open Management Infrastructure installed on the remote host is prior to 1.6.8.1. It is, therefore, affected by multiple vulnerabilities:

  • A remote code execution vulnerability exists in the OMI agent. An unauthenticated, remote attacker can exploit this to bypass authentication and execute arbitrary commands with root privileges. (CVE-2021-38647)
  • Multiple privilege escalation vulnerabilities exist in the OMI agent. An unauthenticated, remote attacker can exploit this to gain privileged access to the system. (CVE-2021-38645, CVE-2021-38648, CVE-2021-38649)

Note that Nessus has not tested for this issue but has instead relied only on the application’s self-reported version number.

Solution
Upgrade to Azure Open Management Infrastructure version 1.6.8.1 or later.


Regards,
Jaspreet Singh

I believe you’d need a custom Fixlet, as this is not covered in the OS patch content. It looks like a good candidate for RFE though.

I’d be willing to help with some customizations on this but will need you to retrieve some info (since I don’t have this product available to me).

Is this RPM or Debian package-based for you?
If RPM, can you give the results of

(names of it, versions of it, rpm version records of it)  of packages whose (name of it contains "openssl" or name of it contains "omi") of rpm

Hi Jason,

Thanks for helping and supporting on this. But someone from the team that manages these Linux servers created a custom Fixlet to mitigate this vulnerability.

Regards,
Jaspreet Singh

@jas.itpro That is great news. Any chance your team can share their work on bigfix.me, so other BigFixers around the world can benefit?

Hi @brolly33 - Let me check; I believe the team will be happy to upload the content.
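
The advisory quoted in the first post keys on the self-reported OMI version, and the first reply asks whether the hosts are RPM- or Debian-based. As an added example (not part of the thread and not BigFix content), this shell sketch reads the installed version from either package manager and compares it numerically against 1.6.8.1. The package name `omi` and the mapping of a `-1` release suffix onto the fourth version field are assumptions.

```shell
#!/bin/sh
# Added example: compare the installed OMI version with the fixed release.
FIXED="1.6.8.1"    # fixed version named in the advisory
PKG="omi"          # assumption: package name on both RPM and Debian hosts

# Reduce "1.6.8-1.ulinux" or "1:1.6.8-1" to dotted numbers: "1.6.8.1".
normalize_version() {
    printf '%s\n' "$1" | sed -e 's/^[0-9]*://' -e 's/[-_]/./g' \
        -e 's/[^0-9.].*$//' -e 's/\.$//'
}

# version_lt A B: succeed when A is numerically older than B (first 4 fields).
version_lt() {
    a="$(normalize_version "$1").0.0.0"
    b="$(normalize_version "$2").0.0.0"
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s\n' "$a" | cut -d. -f"$i")
        y=$(printf '%s\n' "$b" | cut -d. -f"$i")
        if [ "${x:-0}" -lt "${y:-0}" ]; then return 0; fi
        if [ "${x:-0}" -gt "${y:-0}" ]; then return 1; fi
        i=$((i + 1))
    done
    return 1    # equal versions are not older
}

# Classify a version string; an empty string means no package was found.
omi_status() {
    if [ -z "$1" ]; then echo NOT_INSTALLED
    elif version_lt "$1" "$FIXED"; then echo VULNERABLE
    else echo FIXED
    fi
}

# Print the installed version from rpm or dpkg, or nothing if absent.
installed_omi_version() {
    if command -v rpm >/dev/null 2>&1 && rpm -q "$PKG" >/dev/null 2>&1; then
        rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$PKG"
    elif command -v dpkg-query >/dev/null 2>&1; then
        dpkg-query -W -f='${Version}\n' "$PKG" 2>/dev/null
    fi
}

# Query the local host only when asked: sh omi_check.sh --check
if [ "${1:-}" = "--check" ]; then
    omi_status "$(installed_omi_version)"
fi
```

The comparison is field-by-field numeric, so a later build such as 1.6.10 is not mistaken for an older one by string ordering.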