关联漏洞
标题:
Microsoft Azure 授权问题漏洞
(CVE-2021-38647)
描述:Microsoft Azure是美国微软(Microsoft)公司的一套开放的企业级云计算平台。 Microsoft Azure Open Management Infrastructure存在授权问题漏洞。以下产品和版本受到影响:Azure Open Management Infrastructure <omi-1.6.8-1。
描述
Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)
介绍
# OMIGOD
Proof on Concept Exploit for CVE-2021-38647 (OMIGOD)
For background information and context, read the our blog post detailing this vulnerability: https://www.horizon3.ai/news/blog/omigod
## Details
CVE-2021-38647 is an unauthenticated RCE vulnerability effecting the OMI agent as root.
OMI agents are commonly found installed on Azure Linux servers when the following are in use:
* Azure Automation
* Azure Automatic Update
* Azure Operations Management Suite
* Azure Log Analytics
* Azure Configuration Management
* Azure Diagnostics
## Usage
```bash
azureuser@linux:~$ python3 omigod.py -t 10.0.0.5 -c id
uid=0(root) gid=0(root) groups=0(root)
```
## Example Output
## Mitigations
Update and ensure the OMI agent is at version 1.6.8.1.
* For Debian systems (e.g., Ubuntu): `dpkg -l omi`
* For Redhat based system (e.g., Fedora, CentOS, RHEL): `rpm -qa omi`
## Prior Research Credit
For more details see the original researchers' work:
https://www.wiz.io/blog/omigod-critical-vulnerabilities-in-omi-azure
## Disclaimer
This software has been created purely for the purposes of academic research and for the development of effective defensive techniques, and is not intended to be used to attack systems except where explicitly authorized. Project maintainers are not responsible or liable for misuse of the software. Use responsibly.
文件快照
[4.0K] /data/pocs/f351a7e4fa5c61266872d388c6d79373322bdc29
├── [2.7K] omigod.py
├── [6.3K] proof.png
└── [1.3K] README.md
0 directories, 3 files
备注
1. 建议优先通过来源进行访问。
2. 如果因为来源失效或无法访问,请发送邮箱到 f.jinxu#gmail.com 索取本地快照(把 # 换成 @)。
3. 神龙已为您对POC代码进行快照,为了长期维护,请考虑为本地POC付费,感谢您的支持。