DSA-2024-346: Security Update for Dell PowerScale OneFS for Multiple Vulnerabilities
Summary: Dell PowerScale OneFS remediation is available for multiple security vulnerabilities that could be exploited by malicious users to compromise the affected system.
This article is not tied to a specific product.
This article does not cover all product versions.
Impact
High
Details
| Third-party Component | CVEs | More Information |
|---|---|---|
| Apache HTTP Server | CVE-2023-38709, CVE-2024-24795 | https://nvd.nist.gov/vuln/search |
| Curl | CVE-2023-46218, CVE-2023-46219 | https://nvd.nist.gov/vuln/search |
| iPerf3 | CVE-2023-7250 | https://nvd.nist.gov/vuln/search |
| libexpat | CVE-2024-28757, CVE-2023-52425, CVE-2023-52426 | https://nvd.nist.gov/vuln/search |
| pyca/cryptography | CVE-2023-49083 | https://nvd.nist.gov/vuln/search |
| Python | CVE-2023-6597, CVE-2024-0450 | https://nvd.nist.gov/vuln/search |
| OpenSSH | CVE-2024-6387 | https://nvd.nist.gov/vuln/search |
| Proprietary Code CVEs | Description | CVSS Base Score | CVSS Vector String |
|---|---|---|---|
| CVE-2024-39579 | Dell PowerScale OneFS, versions prior to 9.8.0.0, contains an incorrect privilege assignment vulnerability. A local high privileged attacker could potentially exploit this vulnerability to gain root-level access. | 6.7 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H |
| CVE-2024-39578 | Dell PowerScale OneFS, versions prior to 9.8.0.1, contains a UNIX symbolic link (symlink) following vulnerability. A local high privileged attacker could potentially exploit this vulnerability, leading to denial of service, information tampering. | 6.3 | CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:L/I:H/A:H |
Affected Products and Remediation
| CVEs Addressed | Product | Affected Versions | Remediated Versions | Link |
|---|---|---|---|---|
| CVE-2023-49083 | PowerScale OneFS | Versions 8.2.2.0 through 9.4.0.18 | Version 9.4.0.19 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Versions 8.2.2.0 through 9.5.0.8 | Version 9.5.1.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.1.0.0 through 9.5.1.0 | Version 9.5.1.1 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387 | PowerScale OneFS | Versions 9.6.0.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-6597, CVE-2024-0450 | PowerScale OneFS | Versions 9.5.0.0 through 9.5.0.8 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-38709, CVE-2024-24795, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Versions 8.2.2.0 through 9.7.1.0 | Version 9.7.1.2 or later | PowerScale OneFS Downloads Area |
| CVE-2023-49083, CVE-2024-28757, CVE-2023-52425, CVE-2023-52426, CVE-2024-39579, CVE-2023-6597, CVE-2024-0450, CVE-2024-39578, CVE-2023-46218, CVE-2023-46219, CVE-2023-7250 | PowerScale OneFS | Version 9.8.0.0 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
| CVE-2024-6387, CVE-2023-38709, CVE-2024-24795 | PowerScale OneFS | Versions 9.8.0.0 through 9.8.0.1 | Version 9.9.0.0 or later | PowerScale OneFS Downloads Area |
Note:
- Any version not listed in the Affected Products and Remediation section should be upgraded to PowerScale OneFS 9.7.1.2 or later.
- We encourage all customers to adopt the LTS 2024 release, which is the 9.7.x code line, with the latest maintenance release (MR).
- In PowerScale OneFS 9.7.1.2, 9.5.1.1, 9.9.0.0 and later versions, the fix for CVE-2024-6387 is backported into the existing OpenSSH version, OpenSSH_9.3p2.
- For more information on LTS (Long Term Support) code lines, see Dell Infrastructure Solutions Group (ISG) LTS Release Support Customer Summary.
Revision History
| Revision | Date | Description |
|---|---|---|
| 1.0 | 2024-08-30 | Initial Release |
| 2.0 | 2024-08-30 | Updated for enhanced presentation with no changes to content |
| 3.0 | 2024-09-09 | Updated Additional Info section: CVE-2024-6387 remediation plan |
| 4.0 | 2024-09-20 | Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.7.1.2 |
| 5.0 | 2024-10-03 | Updated the Affected Products and Remediation table |
| 6.0 | 2024-12-10 | Updated Additional Info section: CVE-2024-6387 remediation plan details for PowerScale OneFS 9.5.1.1 |
| 7.0 | 2025-10-08 | Updated the Additional Info section, proprietary code CVE descriptions and remediated versions |
| 8.0 | 2025-10-09 | Minor formatting adjustments |
Related Information
Legal Disclaimer
Affected Products
PowerScale OneFS
Article Properties
Article Number: 000228207
Article Type: Dell Security Advisory
Last Modified: 09 Oct 2025