Dell Unity:Unity 是否會受到 CVE-2023-51385 漏洞的影響 (使用者可修正)
Summary: 本文詳細說明 Dell Unity 產品對 CVE-2023-51385 漏洞中詳述之漏洞的易受性。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
如果使用者名稱或主機名稱具有 shell 中繼字元,並且在某些情況下會透過擴充權杖參考此名稱,則可能會發生作業系統命令注入。例如,不受信任的 Git 儲存庫可能具有使用者名或主機名中帶有 shell 元字元的子模組。
Cause
CVE-2023-51385: https://nvd.nist.gov/vuln/detail/CVE-2023-51385
Resolution
在 Unity OE 版本 5.5 的 Kestrel 版本中,openssh 已經是版本 8.4p1-150300.3.30.1,其中包含 CVE-2023-51385 的修正。因此,修正是將 Unity OE 升級至 5.5 版。
Additional Information
從 SUSE 網站:
https://www.suse.com/security/cve/CVE-2023-51385.htmlSUSE Linux Enterprise Server 15 受影響的
Affected Products
Dell EMC Unity, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud EditionArticle Properties
Article Number: 000254326
Article Type: Solution
Last Modified: 17 Oct 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.