Release Notes

file:///T|/htdocs/SOFTWARE/smdrac3/drac4/1.35/en/readme/DRAC4Readme.txt[10/26/2012 10:06:04 AM]
long URL after/jsp. Ie: GET /jsp/AAAA.....AAAAA.
This report appears because the DRAC 4 forwards all HTTP requests
(legal or not) to HTTPS. It is not a security issue on the
DRAC 4.
- Nessus reports HTTP (80/tcp) vulnerability as: "It was possible
to disable the remote IIS server by making a specially formed
PROPFIND request."
This report appears because the DRAC 4 forwards all HTTP requests
(legal or not) to HTTPS. It is not a security issue on the
DRAC 4.
- Nessus reports HTTPS (443/tcp) vulnerability as: "The remote web
server is vulnerable to a format string attack. If it is ePolicy
Orchestrator, an attacker may use this flaw to execute code with
the SYSTEM privileges on this host."
The DRAC 4 returns Error 414 when the GET operation contains an
unsupported long format string. This behavior is correct and
should not cause any security vulnerability.
- Nessus reports syslog (514/udp) vulnerability as: "WinSyslog is an
enhanced syslog server for Windows. A vulnerability in the product
allows remote attackers to cause the WinSyslog to freeze, which in
turn will also freeze the operating system on which the product
executes."
Since the DRAC 4 does not support WinSyslog port 514, the Nessus
plug-in gets confused. This report is not a security issue on
the DRAC 4.
* The DRAC 4 racadm, version 4.0.0, does not support management of
remote ERA/MC DRAC configurations. ERA/MC configurations should
continue to be managed by the racadm utility that officially
supports the ERA/MC configuration.
* The DRAC 4 allows CA Enterprise Root Server and all user-type
certificates to be uploaded into the DRAC 4 Web server, which
causes client Web browser SSL authentication failure. To avoid
this error, upload only the X509 Web Server-type certificates into
the DRAC 4 (select only the Web browser type in the Microsoft
certificate generating utility).
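
The script below is an added example, not part of the original release
notes or of any Dell tooling: it checks a PEM certificate before upload
and accepts only an end-entity certificate with the Web Server
Authentication usage. It assumes the openssl command-line tool is
installed; the function names and the drac4.example.test name are
hypothetical, and the sample certificates are constructed test material.

```sh
#!/bin/sh
# Added example: pre-upload check that a PEM certificate is a Web Server-type
# (serverAuth) end-entity certificate. Function names are hypothetical.

# make_sample_cert OUT CA_FLAG EKU
# Writes a constructed, self-signed test certificate (placeholder CN).
make_sample_cert() {
    msc_dir=$(mktemp -d) || return 2
    cat > "$msc_dir/req.cnf" <<EOF
[req]
distinguished_name = dn
prompt = no
x509_extensions = ext
[dn]
CN = drac4.example.test
[ext]
basicConstraints = critical,CA:$2
extendedKeyUsage = $3
EOF
    openssl req -x509 -newkey rsa:2048 -nodes -days 1 \
        -config "$msc_dir/req.cnf" -keyout "$msc_dir/key.pem" \
        -out "$1" >/dev/null 2>&1
    msc_rc=$?
    rm -rf "$msc_dir"
    return "$msc_rc"
}

# check_web_server_cert FILE
# Returns 0 = suitable, 1 = wrong certificate type, 2 = unreadable.
check_web_server_cert() {
    cwc_text=$(openssl x509 -in "$1" -noout -text 2>/dev/null) || {
        echo "unreadable: $1"; return 2; }
    # A CA (root or intermediate) certificate is not a server certificate.
    if printf '%s\n' "$cwc_text" | grep -q 'CA:TRUE'; then
        echo "reject (CA certificate): $1"; return 1
    fi
    # Assumption: be strict and require an explicit serverAuth EKU.
    if ! printf '%s\n' "$cwc_text" | grep -q 'TLS Web Server Authentication'; then
        echo "reject (no Web Server Authentication EKU): $1"; return 1
    fi
    echo "ok (Web Server certificate): $1"
}

# Check every certificate file named on the command line.
for cert in "$@"; do
    check_web_server_cert "$cert" || true
done
```

Run it with the certificate files as arguments before uploading them
through the DRAC 4 Web interface.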
* If you are using Minicom as the DRAC 4 serial terminal and have the
Minicom status line enabled, resize the window to 80 x 26.
Resizing allows for 26 lines of text and one line of Minicom
status. The default Minicom command key is "<Ctrl><A>". If you need
to use "<Ctrl><A>" to enter the SCSI BIOS setup screen, redefine the
Minicom control key from the "Screen and Keyboard Settings" menu.
* Server Administrator registers DRAC 4 on DNS if you click the
"Register DRAC 4 on DNS" check box in the Configuration Tab Network