Remotely exploitable vulnerability in the OMI agent installed in Microsoft Azure Linux environments.

Customers of the Microsoft Azure cloud platform who run Linux in virtual machines are exposed to a critical vulnerability (CVE-2021-38647) that allows remote code execution with root privileges. The vulnerability has been named OMIGOD, and it is notable because the flaw is in the OMI Agent application, which is silently installed in Linux environments.

The OMI Agent is installed and activated automatically when services such as Azure Automation, Azure Automatic Update, Azure Operations Management Suite, Azure Log Analytics, Azure Configuration Management, Azure Diagnostics, and Azure Container Insights are used. For example, Linux environments in Azure for which monitoring is enabled are open to attack. The agent is part of the open OMI (Open Management Infrastructure Agent) package, an implementation of the DMTF CIM/WBEM stack for IT management.

The OMI Agent is installed on the system under the omsagent user and creates settings in /etc/sudoers for running a series of scripts with root privileges. While some of the services are running, listening network sockets are created on network ports 5985, 5986 and 1270. A scan with the Shodan service shows more than 15 thousand vulnerable Linux environments on the network. A working exploit prototype is already publicly available, allowing code to be executed with root privileges on such systems.

The problem is aggravated by the fact that the use of OMI is not clearly documented in Azure and the OMI Agent is installed without warning: you only need to accept the terms of the selected service when setting up the environment and the OMI Agent will be activated automatically, i.e. most users are not even aware of its presence.

The exploitation method is trivial: it is enough to send an XML request to the agent with the header responsible for authentication removed. OMI uses authentication when receiving control messages, verifying that the client has the right to send a given command. The essence of the vulnerability is that when the "Authentication" header, which is responsible for authentication, is removed from the message, the server treats the verification as successful, accepts the control message and allows commands to be executed with root privileges. To execute arbitrary commands on the system, it is enough to use the standard ExecuteShellCommand_INPUT command in the message. For example, to run the "id" utility, it is enough to send the request: curl -H "Content-Type: application/soap+xml;charset=UTF-8" -k --data-binary "@http_body.txt" https://10.0.0.5:5986/wsman ... id 2003

Microsoft has already released the OMI 1.6.8.1 update that fixes the vulnerability, but it has not yet been delivered to Microsoft Azure users (the old version of OMI is still installed in new environments). Automatic agent updates are not supported, so users need to update the package manually, using the commands "dpkg -l omi" on Debian/Ubuntu or "rpm -qa omi" on Fedora/RHEL to check the installed version. As a security workaround, it is recommended to block access to network ports 5985, 5986 and 1270.

In addition to CVE-2021-38647, OMI 1.6.8.1 also fixes three vulnerabilities (CVE-2021-38648, CVE-2021-38645 and CVE-2021-38649) that can allow an unprivileged local user to execute code as root.
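
The version check and port workaround described above can be turned into a small audit helper. This is an added shell example, not code from the original article or from Microsoft; it parses "dpkg -l omi", "rpm -qa omi" and "ss -ltn" output supplied on stdin. Assumptions: the function names are hypothetical, a package version written as 1.6.8-1 is treated as 1.6.8.1, and the sample input is constructed.

```shell
#!/bin/sh
FIXED_VERSION="1.6.8.1"      # fixed release named in the article
OMI_PORTS="5985 5986 1270"   # listener ports named in the article

# version_ge A B: status 0 if A >= B over four numeric fields, 2 if unparsable.
version_ge() {
    a=$(printf '%s.0.0.0' "$1" | sed 's/-/./g')   # assumption: 1.6.8-1 == 1.6.8.1
    b=$(printf '%s.0.0.0' "$2" | sed 's/-/./g')
    case "$a$b" in *[!0-9.]*) return 2 ;; esac
    i=1
    while [ "$i" -le 4 ]; do
        x=$(printf '%s' "$a" | cut -d. -f"$i"); y=$(printf '%s' "$b" | cut -d. -f"$i")
        [ "${x:-0}" -gt "${y:-0}" ] && return 0
        [ "${x:-0}" -lt "${y:-0}" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# Extract the installed version from `dpkg -l omi` / `rpm -qa omi` output on stdin.
omi_version_from_dpkg() { awk '$1 == "ii" && $2 == "omi" { print $3; exit }'; }
omi_version_from_rpm()  { sed -n 's/^omi-\([0-9][0-9.]*-[0-9][0-9]*\).*/\1/p' | head -n 1; }

# omi_status VERSION: prints not-installed, fixed, or vulnerable.
# An unparsable version is reported as vulnerable (fail closed).
omi_status() {
    [ -n "$1" ] || { echo not-installed; return 0; }
    if version_ge "$1" "$FIXED_VERSION"; then echo fixed; else echo vulnerable; fi
}

# List OMI ports that have a non-loopback listener, from `ss -ltn` output on stdin.
omi_exposed_ports() {
    awk -v ports="$OMI_PORTS" '
        BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) want[p[i]] = 1 }
        $1 == "LISTEN" && $4 !~ /^(127\.|\[::1\])/ {
            k = split($4, a, ":"); if (a[k] in want) print a[k]
        }' | sort -n | uniq
}

# Constructed sample input (not captured from a real host).
SAMPLE_DPKG='ii  omi  1.6.8.0  amd64  Open Management Infrastructure'
SAMPLE_SS='State  Recv-Q Send-Q Local Address:Port Peer Address:Port
LISTEN 0 128 0.0.0.0:5986 0.0.0.0:*
LISTEN 0 128 127.0.0.1:5985 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 128 [::]:1270 [::]:*'
ver=$(printf '%s\n' "$SAMPLE_DPKG" | omi_version_from_dpkg)
echo "omi $ver: $(omi_status "$ver")"
echo "exposed OMI ports: $(printf '%s\n' "$SAMPLE_SS" | omi_exposed_ports | tr '\n' ' ')"
```

On a real host, pipe the live command output into the same functions, for example "dpkg -l omi | omi_version_from_dpkg" and "ss -ltn | omi_exposed_ports".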

Source: opennet.ru
