OMIGOD: Azure users with Linux VMs exposed to security vulnerability
What is OMI?
Open Management Infrastructure (OMI) is an open source project to further the development of a production quality implementation of the DMTF CIM/WBEM standards.
The OMI CIMOM is also designed to be portable and highly modular. In order to attain its small footprint, it is coded in C, which also makes it a much more viable CIM Object Manager for embedded systems and other infrastructure components that have memory constraints for their management processor. OMI is also designed to be inherently portable. It builds and runs today on most UNIX® systems and Linux. In addition to OMI’s small footprint, it also demonstrates very high performance.
What versions of OMI are vulnerable?
All OMI versions below v1.6.8-1 are vulnerable.
The vulnerabilities are tracked as CVE-2021-38648, CVE-2021-38645, CVE-2021-38647, and CVE-2021-38649.
Note that Microsoft has already released a security patch for these CVEs on its latest Patch Tuesday, September 14.
To close these security holes, Azure users should make sure that they are running OMI version 18.104.22.168. Microsoft urges users who have not yet installed this update to install it as soon as possible.
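To check a host against the threshold stated above (all versions below v1.6.8-1 are vulnerable), the following added example, which is not part of the original article or of the OMI project, compares version strings component by component. It assumes the package is named `omi` in dpkg and rpm; the function names and sample versions are constructed for illustration.

```shell
#!/bin/sh
FIXED="1.6.8-1"   # from the page: versions below v1.6.8-1 are vulnerable

# version_lt A B: succeed if version A is strictly lower than version B.
# Components are split on '.' and '-' and compared as integers, so
# 1.6.10 sorts above 1.6.8 (a plain string comparison gets this wrong).
version_lt() {
    _b=$(printf '%s' "${2#v}" | tr '.-' '  ')
    set -- $(printf '%s' "${1#v}" | tr '.-' '  ')
    for _y in $_b; do
        _x=${1:-0}                              # missing component counts as 0
        if [ $# -gt 0 ]; then shift; fi
        _x=${_x%%[!0-9]*}; _y=${_y%%[!0-9]*}    # keep leading digits only
        _x=${_x:-0}; _y=${_y:-0}
        if [ "$_x" -lt "$_y" ]; then return 0; fi
        if [ "$_x" -gt "$_y" ]; then return 1; fi
    done
    return 1   # equal, or A has extra trailing components
}

# Print "vulnerable" or "patched" for a given OMI version string.
classify_omi() {
    if version_lt "$1" "$FIXED"; then echo vulnerable; else echo patched; fi
}

# Print the installed OMI package version, or nothing if it is absent.
# Assumption: the package is named "omi" in the local package database.
installed_omi_version() {
    if command -v dpkg-query >/dev/null 2>&1; then
        if _v=$(dpkg-query -W -f='${Version}' omi 2>/dev/null); then
            printf '%s\n' "$_v"
        fi
    elif command -v rpm >/dev/null 2>&1; then
        if _v=$(rpm -q --qf '%{VERSION}-%{RELEASE}' omi 2>/dev/null); then
            printf '%s\n' "$_v"
        fi
    fi
}

# Constructed sample versions, followed by the local package if installed.
for v in 1.6.4-0 1.6.8-0 1.6.8-1 1.6.8.1 1.6.10-2 $(installed_omi_version); do
    printf '%-12s %s\n' "$v" "$(classify_omi "$v")"
done
```

OMI is usually installed as a dependency of Azure management extensions rather than by hand, so run the check on every Linux VM instead of relying on what you remember installing.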