Dell Unity:Unity 是否受 CVE-2023-51385 漏洞影响(用户可纠正)
Summary: 本文详细介绍了 Dell Unity 产品对 CVE-2023-51385 漏洞中详细描述的漏洞的敏感性。
This article applies to
This article does not apply to
This article is not tied to any specific product.
Not all product versions are identified in this article.
Symptoms
如果用户名或主机名具有 shell 元字符,并且在某些情况下此名称由扩展令牌引用,则可能会发生操作系统命令注入。例如,不受信任的 Git 存储库可以具有一个子模块,其用户名或主机名中包含 shell 元字符。
Cause
CVE-2023-51385: https://nvd.nist.gov/vuln/detail/CVE-2023-51385
Resolution
在 Kestrel 版本(即 Unity OE 版本 5.5)中,openssh 已经是版本 8.4p1-150300.3.30.1,该版本具有 CVE-2023-51385 的修复。因此,修复方法是升级 Unity OE 版本 5.5。
Additional Information
从 SUSE 网站:
https://www.suse.com/security/cve/CVE-2023-51385.html受影响的 SUSE Linux Enterprise Server 15
Affected Products
Dell EMC Unity, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud EditionArticle Properties
Article Number: 000254326
Article Type: Solution
Last Modified: 17 Oct 2025
Version: 2
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.