Release Notes

file:///T|/htdocs/SOFTWARE/smdrac3/drac4/1.50/en/readme/readme.txt[10/26/2012 10:03:23 AM]
proxy is vulnerable to format strings attacks when issued a
badly-formed user name. This flaw allows an attacker to execute
arbitrary code on this host."
This report appears because the DRAC 4 forwards every HTTP request,
well-formed or not, to HTTPS. It is not a security issue on the
DRAC 4.
- Nessus reports HTTP (80/tcp) vulnerability as: "It may be
possible to make a web server execute arbitrary code by sending
it a too long URL after /jsp, i.e.: GET /jsp/AAAA.....AAAAA."
This report appears because the DRAC 4 forwards every HTTP request,
well-formed or not, to HTTPS. It is not a security issue on the
DRAC 4.
- Nessus reports HTTP (80/tcp) vulnerability as: "It was possible
to disable the remote IIS server by making a specially formed
PROPFIND request."
This report appears because the DRAC 4 forwards every HTTP request,
well-formed or not, to HTTPS. It is not a security issue on the
DRAC 4.
- Nessus reports HTTPS (443/tcp) vulnerability as: "The remote web
server is vulnerable to a format string attack. If it is ePolicy
Orchestrator, an attacker may use this flaw to execute code with
the SYSTEM privileges on this host."
The DRAC 4 answers a GET operation carrying an unsupported, over-long
format string with Error 414 (Request-URI Too Long). This behaviour is
correct and should not cause any security vulnerability.
- Nessus reports syslog (514/udp) vulnerability as: "WinSyslog is
an enhanced syslog server for Windows. A vulnerability in the
product allows remote attackers to cause the WinSyslog to freeze,
which in turn will also freeze the operating system on which the
product executes."
Because the DRAC 4 does not support WinSyslog on port 514, the Nessus
plug-in misidentifies the service. This report is not a security
issue on the DRAC 4.
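A quick check, added here and not part of Dell's release notes, that confirms the two DRAC 4 behaviours cited above as the cause of the Nessus false positives: port 80 answers with a redirect to HTTPS, and an over-long GET on port 443 is rejected with Error 414. The DRAC address, the sample responses and the 8192-byte request length are assumptions.

```python
import socket
import ssl

# Constructed sample responses for offline checks; not captured from a real DRAC 4.
SAMPLE_REDIRECT = b"HTTP/1.1 302 Found\r\nLocation: https://192.0.2.10/\r\nContent-Length: 0\r\n\r\n"
SAMPLE_414 = b"HTTP/1.1 414 Request-URI Too Long\r\nContent-Length: 0\r\n\r\n"

def parse_status_and_location(raw):
    """Return (status code, Location header or None) from a raw HTTP response."""
    lines = raw.partition(b"\r\n\r\n")[0].decode("iso-8859-1", "replace").split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % lines[0])
    location = None
    for line in lines[1:]:
        name, sep, value = line.partition(":")
        if sep and name.strip().lower() == "location":
            location = value.strip()
    return int(parts[1]), location

def is_https_redirect(raw):
    """True if the response is a 3xx whose Location points at an https:// URL."""
    status, location = parse_status_and_location(raw)
    return 300 <= status < 400 and (location or "").lower().startswith("https://")

def is_uri_too_long(raw):
    """True if the server rejected the request with 414 Request-URI Too Long."""
    return parse_status_and_location(raw)[0] == 414

def http_exchange(host, port, request, tls=False):
    """Send one raw HTTP/1.0 request and return everything the server sends back."""
    sock = socket.create_connection((host, port), timeout=5.0)
    if tls:  # DRAC certificates are usually self-signed: check behaviour, not identity
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        sock = ctx.wrap_socket(sock, server_hostname=host)
    with sock:
        sock.sendall(request)
        chunks = []
        while data := sock.recv(4096):  # HTTP/1.0: the server closes when done
            chunks.append(data)
    return b"".join(chunks)

if __name__ == "__main__":
    drac = "192.0.2.10"  # placeholder address of the DRAC 4 under test
    tail = b" HTTP/1.0\r\nHost: " + drac.encode() + b"\r\n\r\n"
    print("port 80 forwards to HTTPS:", is_https_redirect(http_exchange(drac, 80, b"GET /" + tail)))
    long_get = b"GET /jsp/" + b"A" * 8192 + tail  # over-long URL, like the Nessus /jsp probe
    print("port 443 answers it with 414:", is_uri_too_long(http_exchange(drac, 443, long_get, tls=True)))
```

A DRAC 4 of this vintage may only offer SSL/TLS versions that a current Python refuses to negotiate; the parsing functions still work on responses captured by other means.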
* The DRAC 4 racadm, version 4.0.0, does not support management of
remote ERA/MC DRAC configurations. ERA/MC configurations should
continue to be managed with the racadm utility that officially
supports them.
* The DRAC 4 allows CA Enterprise Root Server certificates and all
user-type certificates to be uploaded into the DRAC 4 Web server,
which causes SSL authentication failures in client Web browsers. To
avoid this error, upload only X.509 Web Server-type certificates into
the DRAC 4 (select only the Web browser type in the Microsoft
certificate-generating utility).