DSA-2024-346: Security Update for Dell PowerScale OneFS for Multiple Vulnerabilities
Podsumowanie: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
Ten artykuł dotyczy
Ten artykuł nie dotyczy
Ten artykuł nie jest powiązany z żadnym konkretnym produktem.
Nie wszystkie wersje produktu zostały zidentyfikowane w tym artykule.
Skutki
High
Szczegóły
| Third-party Component | CVEs | More Information |
| Apache HTTP Server | CVE-2023-38709, CVE-2024-24795 | https://nvd.nist.gov/vuln/search |
| Curl | CVE-2023-46218, CVE-2023-46219 | https://nvd.nist.gov/vuln/search |
| iPerf3 | CVE-2023-7250 | https://nvd.nist.gov/vuln/search |
| libexpat | CVE-2024-28757, CVE-2023-52425, CVE-2023-52426 | https://nvd.nist.gov/vuln/search |
| pyca/cryptography | CVE-2023-49083 | https://nvd.nist.gov/vuln/search |
| Python | CVE-2023-6597, CVE-2024-0450 | https://nvd.nist.gov/vuln/search |
| OpenSSH | CVE-2024-6387 | https://nvd.nist.gov/vuln/search |
| Kerberos | CVE-2025-71277 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-39579 | Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-39578 | Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-39579 | Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-39578 | Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
Produkty, których dotyczy problem, i środki zaradcze
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2023-49083 | PowerScale OneFS | Versions 8.2.2.0 through 9.4.0.18 | Version 9.4.0.19 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Version 8.2.2.0 through 9.5.0.8 | Version 9.5.1.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.1.0.0 through 9.5.1.0 | Version 9.5.1.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-6597, CVE-2024-0450 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.0.8 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250, CVE-2025-71277 | PowerScale OneFS | Versions 8.2.2.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Versions 9.8.0.0 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387, CVE-2023-38709, CVE-2024-24795, CVE-2025-71277 | PowerScale OneFS | Versions 9.8.0.0 through 9.8.0.1 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
| CVE-2023-49083 | PowerScale OneFS | Versions 8.2.2.0 through 9.4.0.18 | Version 9.4.0.19 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Version 8.2.2.0 through 9.5.0.8 | Version 9.5.1.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.1.0.0 through 9.5.1.0 | Version 9.5.1.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-6597, CVE-2024-0450 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.0.8 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250, CVE-2025-71277 | PowerScale OneFS | Versions 8.2.2.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Versions 9.8.0.0 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387, CVE-2023-38709, CVE-2024-24795, CVE-2025-71277 | PowerScale OneFS | Versions 9.8.0.0 through 9.8.0.1 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
Note:
- Any version not listed in the Affected Products and Remediation section should upgrade PowerScale OneFS to a version 9.7.1.2 or later.
- We encourage all customers to adopt the LTS 2024 version which is 9.7.x code line, with the latest maintenance MR.
- In PowerScale OneFS 9.7.1.2, 9.5.1.1, 9.9.0.0 and later versions, fix for CVE-2024-6387 is ported in existing version of OpenSSH which is OpenSSH_9.3p2 version.
- For more information on LTS (Long Term Support) code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.
Historia zmian
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-08-30 | Initial Release |
| 2.0 | 2024-08-30 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-09-09 | Updated Additional Info section: CVE-2024-6387 remediation plan |
| 4.0 | 2024-09-20 | Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.7.1.2 |
| 5.0 | 2024-10-03 | Updated the Affected Products and Remediation table |
| 6.0 | 2024-12-10 | Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.5.1.1 |
| 7.0 | 2025-10-08 | Updated the Additional Info section, proprietary code CVE descriptions and remediated versions |
| 8.0 | 2025-10-09 | Minor formatting adjustments |
| 9.0 | 2026-07-07 | Added details for CVE-2025-71277 |
| 10.0 | 2026-07-07 | Updated details for Affected versions for CVE-2025-72177 |
Powiązane informacje
Zastrzeżenie prawne
Produkty, których dotyczy problem
PowerScale OneFSWłaściwości artykułu
Numer artykułu: 000228207
Typ artykułu: Dell Security Advisory
Ostatnia modyfikacja: 07 lip 2026
Znajdź odpowiedzi na swoje pytania u innych użytkowników produktów Dell
Usługi pomocy technicznej
Sprawdź, czy Twoje urządzenie jest objęte usługą pomocy technicznej.