O tagata faʻatau o le Microsoft Azure cloud platform e faʻaogaina ai Linux i masini masini ua feagai ma se faʻafitauli matuia (CVE-2021-38647) e faʻatagaina ai le faʻatinoina o code mamao ma aia tatau. O le faʻafitauli na faʻaigoaina OMIGOD ma e lauiloa mo le mea moni o loʻo i ai le faʻafitauli i le OMI Agent application, lea e faʻapipiʻi filemu i siosiomaga Linux.
OMI Agent e otometi lava ona faʻapipiʻiina ma faʻagaoioia pe a faʻaaogaina auaunaga e pei ole Azure Automation, Azure Automatic Update, Azure Operations Management Suite, Azure Log Analytics, Azure Configuration Management, Azure Diagnostics, ma Azure Container Insights. Mo se faʻataʻitaʻiga, Linux siosiomaga i Azure lea e mafai ai ona mataʻituina e mafai ona osofaʻia. O le sui sooupu o se vaega o le OMI (Open Management Infrastructure Agent) afifi ma le faʻatinoina o le DMTF CIM / WBEM stack mo le faʻatautaia o atinaʻe IT.
OMI Agent o loʻo faʻapipiʻiina i luga o le faiga i lalo o le omsagent tagata faʻaoga ma fatuina tulaga i / etc / sudoers e faʻatautaia ai se faasologa o tusitusiga ma aia tatau. I le taimi o le faʻagaioiina o nisi o auʻaunaga, faʻalogo fesoʻotaʻiga fesoʻotaʻiga e faia i luga o ports fesoʻotaʻiga 5985, 5986 ma 1270. O le suʻesuʻeina i le auaunaga a Shodan o loʻo faʻaalia ai le i ai o le sili atu i le 15 siosiomaga Linux vaivai i luga o le upega tafailagi. I le taimi nei, o se faʻataʻitaʻiga galue o le faʻaogaina ua uma ona avanoa lautele, faʻatagaina oe e faʻatino lau code faʻatasi ai ma aia tatau i luga o ia faiga.
O le faʻafitauli e faʻateleina i le mea moni o le faʻaogaina o le OMI e le o faʻamaonia manino i Azure ma o le OMI Agent ua faʻapipiʻiina e aunoa ma se lapataiga - e tatau lava ona e malilie i tuutuuga o le auaunaga filifilia pe a faʻatulagaina le siosiomaga ma o le a avea le OMI Agent. otometi ona fa'agaoioia, i.e. o le tele o tagata fa'aoga latou te le o iloa lona i ai.
Ole auala ole fa'aogaina e le taua - na'o le auina atu o se talosaga XML i le sooupu, aveese le ulutala e nafa ma le fa'amaoni. E fa'aogaina e le OMI le fa'amaoni pe a maua fe'au fa'atonu, fa'amaonia o lo'o iai le aia tatau a le kalani e lafo ai se fa'atonuga fa'apitoa. O le ute o le faʻafitauli o le taimi lea o le ulutala "Authentication", lea e nafa ma le faʻamaoni, ua aveesea mai le feʻau, e manatu le 'auʻaunaga e manuia le faʻamaoniga, talia le feʻau faʻatonutonu ma faʻatagaina poloaiga e faʻatino ma aia tatau. Mo le faʻatinoina o faʻatonuga i totonu o le polokalama, ua lava le faʻaaogaina o le faʻatonuga ExecuteShellCommand_INPUT i le feʻau. Mo se faʻataʻitaʻiga, e faʻalauiloa le aoga "id", naʻo le auina atu o se talosaga: curl -H "Content-Type: application/soap+xml;charset=UTF-8" -k —data-binary "@http_body.txt" https: //10.0.0.5. 5986:3/wsman ... id 2003
Ua uma ona tuʻuina atu e Microsoft le faʻafouina o le OMI 1.6.8.1 e faʻaleleia ai le faʻafitauli, ae e leʻi tuʻuina atu i tagata faʻaoga Microsoft Azure (o loʻo faʻapipiʻiina pea le lomiga tuai o le OMI i siosiomaga fou). E le lagolagoina le faʻafouina o sui faʻapitoa, o lea e tatau ai i tagata faʻaoga ona faia se faʻafouga o pusa tusi e faʻaaoga ai poloaiga "dpkg -l omi" ile Debian/Ubuntu poʻo le "rpm -qa omi" ile Fedora/RHEL. I le avea ai ma se puipuiga malu, e fautuaina e poloka le avanoa i fesoʻotaʻiga ports 5985, 5986, ma le 1270.
I le faaopoopo atu i le CVE-2021-38647, OMI 1.6.8.1 o loʻo faʻaalia foi ni faʻafitauli se tolu (CVE-2021-38648, CVE-2021-38645, ma le CVE-2021-38649) e mafai ona faʻatagaina se tagata faʻapitoa i le lotoifale e faʻaogaina le tulafono.
puna: opennet.ru