{"id":10060,"date":"2021-09-21T12:42:03","date_gmt":"2021-09-21T09:42:03","guid":{"rendered":"https:\/\/www.kaspersky.com.tr\/blog\/?p=10060"},"modified":"2021-09-21T12:42:03","modified_gmt":"2021-09-21T09:42:03","slug":"vulnerabilities-in-omi-azure","status":"publish","type":"post","link":"https:\/\/www.kaspersky.com.tr\/blog\/vulnerabilities-in-omi-azure\/10060\/","title":{"rendered":"OMI vulnerabilities threaten Linux virtual machines on Microsoft Azure"},"content":{"rendered":"<p><a href=\"https:\/\/www.wiz.io\/blog\/secret-agent-exposes-azure-customers-to-unauthorized-code-execution\" target=\"_blank\" rel=\"noopener nofollow\">News has emerged<\/a> of a rather dangerous practice in Microsoft Azure: when a user creates a Linux virtual machine and enables certain Azure services, the Azure platform automatically installs the Open Management Infrastructure (OMI) agent on the machine. The user, meanwhile, is unaware of this.<\/p>\n<p>Although a covert installation sounds alarming, it might not be so bad were it not for two problems: first, the agent has known vulnerabilities, and second, the agent has no automatic update mechanism in Azure. 
Until Microsoft resolves this issue, organizations using Linux virtual machines on Azure need to take action.<\/p>\n<h2>Open Management Infrastructure vulnerabilities and how attackers can exploit them<\/h2>\n<p>With September's Patch Tuesday, Microsoft released security updates for four vulnerabilities in the Open Management Infrastructure agent. One of the four, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38647\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-38647<\/a>, allows <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/remote-code-execution-rce\/\" target=\"_blank\" rel=\"noopener\">remote code execution (RCE)<\/a> and is rated critical. The other three, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38648\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-38648<\/a>, <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38645\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-38645<\/a> and <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38649\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-38649<\/a>, can be used for <a href=\"https:\/\/encyclopedia.kaspersky.com\/glossary\/privilege-escalation\/\" target=\"_blank\" rel=\"noopener\">privilege escalation (LPE)<\/a> in multistage attacks if attackers have already penetrated a victim's network. 
These three vulnerabilities have a high severity rating under CVSS.<\/p>\n<p>When Microsoft Azure users create a Linux virtual machine and enable any of a number of services, everything related to OMI, vulnerabilities included, is deployed on the system automatically. Those services include Azure Automation, Azure Automatic Update, Azure Operations Management Suite, Azure Log Analytics, Azure Configuration Management and Azure Diagnostics, and the list is not limited to them. The Open Management Infrastructure agent by itself has the highest privileges on the system, and because its tasks include collecting statistics and synchronizing configurations, it is generally reachable from the Internet over various HTTP ports, depending on the services enabled.<\/p>\n<p>For example, if the listening port is 5986, attackers can potentially exploit the CVE-2021-38647 vulnerability and execute malicious code remotely. If OMI is available for remote management (ports 5986, 5985 or 1270), outsiders can exploit the same vulnerability to gain access to all neighboring networks in Azure. 
According to experts, the vulnerability is quite easy to exploit.<\/p>\n<p><a href=\"https:\/\/twitter.com\/amiluttwak\/status\/1437898746747097090\" target=\"_blank\" rel=\"noopener nofollow\"><strong>https:\/\/twitter.com\/amiluttwak\/status\/1437898746747097090<\/strong><\/a><\/p>\n<p>So far, no major attacks have been reported, but because plenty of information is available about how easy these vulnerabilities are to exploit, such an attack will probably not be long in coming.<\/p>\n<h2>How do you protect yourself?<\/h2>\n<p>Microsoft has released patches for all four vulnerabilities. However, because OMI is not always updated automatically, you need to check which version is deployed on your Linux virtual machine. If the version is older than 1.6.8.1, update the Open Management Infrastructure agent. 
To learn how, see the description of the <a href=\"https:\/\/msrc.microsoft.com\/update-guide\/vulnerability\/CVE-2021-38647\" target=\"_blank\" rel=\"noopener nofollow\">CVE-2021-38647<\/a> vulnerability.<\/p>\n<p>Experts also recommend restricting network access to ports 5985, 5986 and 1270 to prevent anyone from carrying out RCE.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The Open Management Infrastructure agent, which has four vulnerabilities, is installed automatically on Linux virtual machines in Microsoft Azure.<\/p>\n","protected":false},"author":2581,"featured_media":10061,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[1726,1194],"tags":[2473,790,2276,38],"class_list":{"0":"post-10060","1":"post","2":"type-post","3":"status-publish","4":"format-standard","5":"has-post-thumbnail","7":"category-enterprise","8":"category-business","9":"tag-azure","10":"tag-guvenlik-aciklari","11":"tag-linux","12":"tag-microsoft"},"hreflang":[{"hreflang":"tr","url":"https:\/\/www.kaspersky.com.tr\/blog\/vulnerabilities-in-omi-azure\/10060\/"},{"hreflang":"en-in","url":"https:\/\/www.kaspersky.co.in\/blog\/vulnerabilities-in-omi-azure\/23305\/"},{"hreflang":"en-ae","url":"https:\/\/me-en.kaspersky.com\/blog\/vulnerabilities-in-omi-azure\/18792\/"},{"hreflang":"en-us","url":"https:\/\/usa.kaspersky.com\/blog\/vulnerabilities-in-omi-azure\/25371\/"},{"hreflang":"en-gb","url":"https:\/\/www.kaspersky.co.uk\/blog\/vulnerabilities-in-omi-azure\/23452\/"},{"hreflang":"es-mx","url":"https:\/\/latam.kaspersky.com\/blog\/vulnerabilities-in-omi-azure\/22852\/"},{"hreflang":"es","url":"http
s:\/\/www.kaspersky.es\/blog\/vulnerabilities-in-omi-azure\/25976\/"},{"hreflang":"it","url":"https:\/\/www.kaspersky.it\/blog\/vulnerabilities-in-omi-azure\/25558\/"},{"hreflang":"ru","url":"https:\/\/www.kaspersky.ru\/blog\/vulnerabilities-in-omi-azure\/31483\/"},{"hreflang":"x-default","url":"https:\/\/www.kaspersky.com\/blog\/vulnerabilities-in-omi-azure\/41977\/"},{"hreflang":"fr","url":"https:\/\/www.kaspersky.fr\/blog\/vulnerabilities-in-omi-azure\/17610\/"},{"hreflang":"pt-br","url":"https:\/\/www.kaspersky.com.br\/blog\/vulnerabilities-in-omi-azure\/18124\/"},{"hreflang":"pl","url":"https:\/\/plblog.kaspersky.com\/vulnerabilities-in-omi-azure\/15271\/"},{"hreflang":"de","url":"https:\/\/www.kaspersky.de\/blog\/vulnerabilities-in-omi-azure\/27374\/"},{"hreflang":"ja","url":"https:\/\/blog.kaspersky.co.jp\/vulnerabilities-in-omi-azure\/31634\/"},{"hreflang":"nl","url":"https:\/\/www.kaspersky.nl\/blog\/vulnerabilities-in-omi-azure\/27564\/"},{"hreflang":"ru-kz","url":"https:\/\/blog.kaspersky.kz\/vulnerabilities-in-omi-azure\/24347\/"},{"hreflang":"en-au","url":"https:\/\/www.kaspersky.com.au\/blog\/vulnerabilities-in-omi-azure\/29691\/"},{"hreflang":"en-za","url":"https:\/\/www.kaspersky.co.za\/blog\/vulnerabilities-in-omi-azure\/29485\/"}],"acf":[],"banners":"","maintag":{"url":"https:\/\/www.kaspersky.com.tr\/blog\/tag\/guvenlik-aciklari\/","name":"g\u00fcvenlik 
a\u00e7\u0131klar\u0131"},"_links":{"self":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10060","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/users\/2581"}],"replies":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/comments?post=10060"}],"version-history":[{"count":1,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10060\/revisions"}],"predecessor-version":[{"id":10062,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/posts\/10060\/revisions\/10062"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media\/10061"}],"wp:attachment":[{"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/media?parent=10060"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/categories?post=10060"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.kaspersky.com.tr\/blog\/wp-json\/wp\/v2\/tags?post=10060"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}