question

0 Votes
BergRonaldvanden-2657 asked SenadSadikovic-6569 commented

OMI Vulnerability

Does anybody know if this issue in the OMI agent has the same impact on the SCOM agent, which also uses OMI?
And if true, is there an updated version underway?

https://msrc.microsoft.com/update-guide/vulnerability/CVE-2021-38647

msc-operations-manager

1 Vote
LeonLaude answered SenadSadikovic-6569 commented

Hi @BergRonaldvanden-2657,

The vulnerability is fixed in OMI version 1.6.8.1, which can be found on GitHub. They have also updated the Microsoft repo, so you can update it from there as well.

Linux Software Repository for Microsoft Products
https://docs.microsoft.com/en-us/windows-server/administration/Linux-Package-Repository-for-Microsoft-Software


If the reply was helpful please don't forget to upvote and/or accept as answer, thank you!


Best regards,
Leon



How can I check the omiserver version in RHEL 7?

0 Votes 0 ·

/opt/omi/bin/omiserver --version

0 Votes 0 ·

thanks!

0 Votes 0 ·

Does the hotfix update require updating the agents to new versions as well? Or will the current version for the UR3 remain?

0 Votes 0 ·
0 Votes
AnEvilPenguin-5832 answered BergRonaldvanden-2657 commented

According to this, yes, it is vulnerable. But the latest release seems to be 1.6.8-1 on the repo after the fix was put in.
No updates for my test CentOS 7 box yet as far as I can tell; still seems to be on 1.6.6.
I've got an Ubuntu one somewhere as well, but I've been having some unrelated trouble connecting.


To follow up, it sounds like a manual patch at the moment. So grab the rpm or deb from the repository and apply.


1 Vote 1 ·

Tnx, that's what I thought; hope a Microsoft employee can confirm this as well.

1 Vote 1 ·
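
A version check built on the `omiserver --version` command and the fixed version (1.6.8.1, written 1.6.8-1 in the repo) quoted in this thread, as an added example that is not from any poster or from Microsoft. The function names are hypothetical, the sample strings are constructed, and it assumes the version appears in the output as a dotted number with an optional `-N` build suffix.

```shell
#!/bin/sh
# Added example. Fixed build per this thread: 1.6.8.1 (1.6.8-1 in the repo).
FIXED_VERSION="1.6.8.1"
OMI_BIN="/opt/omi/bin/omiserver"   # path quoted in the thread

# Extract the first dotted version (optional -N build suffix) from a string and
# normalise "1.6.8-1" to "1.6.8.1". Assumes the version appears in this shape.
omi_extract_version() {
    printf '%s\n' "$1" |
        grep -oE '[0-9]+(\.[0-9]+){1,3}(-[0-9]+)?' |
        head -n 1 | sed 's/-/./'
}

# Succeed when version $1 >= $2, comparing dot-separated fields numerically.
# Missing fields count as 0, so 1.6.8 sorts below 1.6.8.1.
omi_version_ge() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        n = split(a, x, "."); m = split(b, y, ".")
        max = (n > m) ? n : m
        for (i = 1; i <= max; i++) {
            xi = (i <= n) ? x[i] + 0 : 0
            yi = (i <= m) ? y[i] + 0 : 0
            if (xi > yi) exit 0
            if (xi < yi) exit 1
        }
        exit 0
    }'
}

# Print "PATCHED <v>", "NEEDS_UPDATE <v>" or "UNKNOWN" for one version string.
omi_classify() {
    v=$(omi_extract_version "$1")
    if [ -z "$v" ]; then
        echo "UNKNOWN"
    elif omi_version_ge "$v" "$FIXED_VERSION"; then
        echo "PATCHED $v"
    else
        echo "NEEDS_UPDATE $v"
    fi
}

# Constructed sample strings (not captured from a real host).
for sample in "OMI-1.6.6-0" "omi-1.6.8-1.ulinux.x64" "no version here"; do
    printf '%-26s -> %s\n' "$sample" "$(omi_classify "$sample")"
done

# On a host with OMI installed, classify the real output.
if [ -x "$OMI_BIN" ]; then
    omi_classify "$("$OMI_BIN" --version 2>&1 | head -n 1)"
fi
```

An `UNKNOWN` result means the output did not contain a version in the assumed shape and should be checked by hand rather than treated as patched.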