Dell Unity: Is Unity affected by CVE-2024-6409 Vulnerability (User Correctable)

Summary: This article details the susceptibility of Dell Unity to the vulnerabilities detailed in CVE-2024-6409.

Αυτό το άρθρο ισχύει για Αυτό το άρθρο δεν ισχύει για Αυτό το άρθρο δεν συνδέεται με κάποιο συγκεκριμένο προϊόν. Δεν προσδιορίζονται όλες οι εκδόσεις προϊόντων σε αυτό το άρθρο.
Δείτε άλλους πόρους

Symptoms

Information on whether or not Dell Unity is vulnerable to CVE-2024-6409.

NVD - CVE-2024-6409This hyperlink is taking you to a website outside of Dell Technologies.

Cause

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Resolution

Unity should not be impacted as the mentioned CVE only impacts Openssh version above 8.7 and the current Unity OE version 5.4 runs Openssh 7.6.

CVE-2024-6409 Common Vulnerabilities and Exposures | SUSEThis hyperlink is taking you to a website outside of Dell Technologies.

Επηρεαζόμενα προϊόντα

Dell EMC Unity, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition
Ιδιότητες άρθρου
Article Number: 000254342
Article Type: Solution
Τελευταία τροποποίηση: 17 Οκτ 2025
Version:  2
Βρείτε απαντήσεις στις ερωτήσεις σας από άλλους χρήστες της Dell
Υπηρεσίες υποστήριξης
Ελέγξτε αν η συσκευή σας καλύπτεται από τις Υπηρεσίες υποστήριξης.