Release Notes

- Nessus reports HTTP (80/tcp) vulnerability as: "It may be
possible to make a web server execute arbitrary code by sending
it a too long URL after /jsp. I.e.: GET /jsp/AAAA.....AAAAA."
This report is displayed because the DRAC 4 forwards all HTTP
requests (valid or not) to HTTPS. It is not a security issue
on the DRAC 4.
- Nessus reports HTTP (80/tcp) vulnerability as: "It was possible
to disable the remote IIS server by making a specially formed
PROPFIND request."
This report is displayed because the DRAC 4 forwards all HTTP
requests (valid or not) to HTTPS. It is not a security issue
on the DRAC 4.
- Nessus reports HTTPS (443/tcp) vulnerability as: "The remote
web server is vulnerable to a format string attack. If it is
ePolicy Orchestrator, an attacker may use this flaw to execute
code with the SYSTEM privileges on this host."
The DRAC 4 returns HTTP Error 414 (Request-URI Too Long) when a
GET request carries an unsupported, overly long format string.
This behavior is correct and does not constitute a security
vulnerability.
- Nessus reports syslog (514/udp) vulnerability as: "WinSyslog is
an enhanced syslog server for Windows. A vulnerability in the
product allows remote attackers to cause the WinSyslog to
freeze, which in turn will also freeze the operating system
on which the product executes."
Because the DRAC 4 does not support WinSyslog on port 514, the
Nessus plug-in misidentifies the service. This report is not a
security issue on the DRAC 4.
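The three Web-server findings above share one explanation: port 80 only redirects to HTTPS, and an over-long request on port 443 is answered with 414. The following script is an added example (not part of the DRAC 4 readme or of Dell's tooling) that lets an administrator confirm that explanation against a real controller before closing the Nessus finding as a false positive. The host name, the probe path and the embedded sample responses are constructed; only the stdlib is used.

```python
"""Triage helper for the Nessus HTTP/HTTPS findings on a DRAC 4.

Added example, not vendor code. It checks the two behaviours the release
notes describe: every request to port 80 is answered with a redirect to an
https:// URL, and an over-long GET on port 443 is rejected with HTTP 414.
HOST, PROBE_PATH and the *_SAMPLE responses below are constructed.
"""
import socket
import ssl
from typing import Dict, List, Tuple

HOST = "drac4.example.internal"          # placeholder, not a real device
PROBE_PATH = "/jsp/" + "A" * 4096        # long URL like the one Nessus sends

# Constructed sample responses so the checks can be exercised offline.
HTTP_REDIRECT_SAMPLE = (
    b"HTTP/1.1 301 Moved Permanently\r\n"
    b"Location: https://drac4.example.internal/\r\n"
    b"Content-Length: 0\r\n\r\n"
)
HTTPS_414_SAMPLE = (
    b"HTTP/1.1 414 Request-URI Too Long\r\n"
    b"Content-Type: text/html\r\n\r\n<html>Request-URI Too Long</html>"
)
HTTP_200_SAMPLE = b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n<html></html>"


def parse_response(raw: bytes) -> Tuple[int, Dict[str, str]]:
    """Split a raw HTTP response into (status code, lower-cased header map)."""
    head = raw.split(b"\r\n\r\n", 1)[0].decode("iso-8859-1")
    lines = head.split("\r\n")
    parts = lines[0].split(" ", 2)
    if len(parts) < 2 or not parts[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response: %r" % lines[0])
    headers: Dict[str, str] = {}
    for line in lines[1:]:
        if ":" in line:
            name, value = line.split(":", 1)
            headers[name.strip().lower()] = value.strip()
    return int(parts[1]), headers


def is_https_redirect(raw: bytes) -> bool:
    """True when the response is a 3xx whose Location uses the https scheme."""
    status, headers = parse_response(raw)
    location = headers.get("location", "")
    return 300 <= status < 400 and location.lower().startswith("https://")


def is_uri_too_long(raw: bytes) -> bool:
    """True when the server rejected the request with 414 Request-URI Too Long."""
    status, _ = parse_response(raw)
    return status == 414


def classify(http_raw: bytes, https_raw: bytes) -> List[str]:
    """Return the list of deviations from the behaviour the release notes
    describe; an empty list means the finding is consistent with a false
    positive. Anything listed deserves a closer look."""
    problems = []
    if not is_https_redirect(http_raw):
        problems.append("port 80 answered the request itself instead of redirecting to HTTPS")
    if not is_uri_too_long(https_raw):
        problems.append("port 443 did not reject the over-long request with 414")
    return problems


def fetch_raw(host: str, port: int, path: str, use_tls: bool) -> bytes:
    """Send one GET and return the raw response headers (network helper).
    Certificate verification is disabled only because a DRAC's certificate
    is usually self-signed; the check reads status codes, not content."""
    request = ("GET %s HTTP/1.1\r\nHost: %s\r\nConnection: close\r\n\r\n"
               % (path, host)).encode("ascii")
    sock = socket.create_connection((host, port), timeout=10)
    if use_tls:
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        sock = ctx.wrap_socket(sock, server_hostname=host)
    chunks: List[bytes] = []
    try:
        sock.sendall(request)
        while b"\r\n\r\n" not in b"".join(chunks):
            data = sock.recv(4096)
            if not data:
                break
            chunks.append(data)
    finally:
        sock.close()
    return b"".join(chunks)


if __name__ == "__main__":
    # Live run against the placeholder host; replace HOST with the controller.
    issues = classify(fetch_raw(HOST, 80, PROBE_PATH, False),
                      fetch_raw(HOST, 443, PROBE_PATH, True))
    print("consistent with release notes" if not issues else "\n".join(issues))
```

Run it from a management host that can reach the controller; an empty result means the device behaves exactly as the release notes state, so the scanner output can be documented as a false positive with evidence attached.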
* The DRAC 4 racadm, version 4.0.0, does not support management of
remote ERA/MC DRAC configurations. ERA/MC configurations should
continue to be managed by the racadm utility that officially
supports the ERA/MC configuration.
* The DRAC 4 allows CA Enterprise Root Server certificates and all
user-type certificates to be uploaded to the DRAC 4 Web server,
which causes SSL authentication failures in the client Web
browser. To avoid this error, upload only X.509 Web Server-type
certificates to the DRAC 4 (select only the Web browser type in
the Microsoft certificate generating utility).
* If you are using Minicom as the DRAC 4 serial terminal and have
the Minicom status line enabled, resize the window to 80 x 26.
Resizing allows for 26 lines of text and one line of Minicom
status. The default Minicom command key is "<Ctrl><A>." If you
need to use "<Ctrl><A>" to enter the SCSI BIOS setup screen,
redefine the Minicom control key from the "Screen and Keyboard
Settings" menu.