OMI Vulnerability

Berg, Ronald van den 46 Reputation points
2021-09-15T13:43:36.647+00:00

Does anybody know if this issue on the omi agent has the same impact on the scom agent which also uses omi?
And if true, if there's an updated version underway?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647

Operations Manager
Operations Manager
A family of System Center products that provide infrastructure monitoring, help ensure the predictable performance and availability of vital applications, and offer comprehensive monitoring for datacenters and cloud, both private and public.
1,436 questions
0 comments No comments
{count} votes

Accepted answer
  1. Leon Laude 85,701 Reputation points
    2021-09-15T17:12:22.92+00:00

    Hi @Berg, Ronald van den ,

    The vulnerability is fixed in the OMI version 1.6.8.1 which can be found on GitHub, they have also updated the Microsoft repo so you can update it from there as well.

    Linux Software Repository for Microsoft Products
    https://learn.microsoft.com/en-us/windows-server/administration/Linux-Package-Repository-for-Microsoft-Software

    ----------

    If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!

    Best regards,
    Leon

    1 person found this answer helpful.

1 additional answer

Sort by: Most helpful
  1. An Evil Penguin 6 Reputation points
    2021-09-15T16:17:52.487+00:00

    According to this yes it is vulnerable. But the latest release seems to be 1.6.8-1 on the repo after the fix was put in.
    No updates for my test Centos 7 box yet as far as I can tell, still seems to be on 1.6.6
    I've got an Ubuntu one somewhere as well, but I've been having some unrelated trouble connecting.