Dell Unity: Is Unity affected by CVE-2024-6409 Vulnerability (User Correctable)

Zhrnutie: This article details the susceptibility of Dell Unity to the vulnerabilities detailed in CVE-2024-6409.

Tento článok sa vzťahuje na Tento článok sa nevzťahuje na Tento článok nie je viazaný na žiadny konkrétny produkt. V tomto článku nie sú uvedené všetky verzie produktov.
Pozrite si ďalšie zdroje

Symptómy

Information on whether or not Dell Unity is vulnerable to CVE-2024-6409.

NVD - CVE-2024-6409This hyperlink is taking you to a website outside of Dell Technologies.

Príčina

A race condition vulnerability was discovered in how signals are handled by OpenSSH's server (sshd). If a remote attacker does not authenticate within a set time period, then sshd's SIGALRM handler is called asynchronously. However, this signal handler calls various functions that are not async-signal-safe, for example, syslog(). As a consequence of a successful attack, in the worst case scenario, an attacker may be able to perform a remote code execution (RCE) as an unprivileged user running the sshd server.

Riešenie

Unity should not be impacted as the mentioned CVE only impacts Openssh version above 8.7 and the current Unity OE version 5.4 runs Openssh 7.6.

CVE-2024-6409 Common Vulnerabilities and Exposures | SUSEThis hyperlink is taking you to a website outside of Dell Technologies.

Dotknuté produkty

Dell EMC Unity, Dell EMC Unity Family |Dell EMC Unity All Flash, Dell EMC Unity Hybrid, Dell EMC UnityVSA Professional Edition/Unity Cloud Edition
Vlastnosti článku
Číslo článku: 000254342
Typ článku: Solution
Dátum poslednej úpravy: 17 okt 2025
Verzia:  2
Nájdite odpovede na svoje otázky od ostatných používateľov spoločnosti Dell
Služby podpory
Skontrolujte, či sa na vaše zariadenie vzťahujú služby podpory.