Panzura Security Advisory QSCC-2013-001

Issue Date: 03/14/2013
Updated Date: 03/14/2013
Title: iDRAC Firmware Update
Classification: Important
Status: Closed
Affected Products: Quicksilver Cloud Controllers w/iDRAC6

Summary

A number of vulnerabilities exist due to integration of open-source packages in the firmware for the Integrated Dell Remote Access Controller 6 (iDRAC6).

Details

The iDRAC6 remote access controller built into the Panzura Quicksilver Cloud Controller incorporates the following open-source packages in its firmware:

OpenSSL

OpenLDAP

libxml

Older releases of these packages have a number of well-publicized vulnerabilities including some critical issues with known exploits.

Malicious activity targeting these packages could result in unauthorized access to the iDRAC console, password compromise, or the appliance being disabled.

Mitigation

Attach the dedicated Ethernet connection for the iDRAC6 controller to a management subnet with tightly controlled access, separate from user traffic.

Resolution

iDRAC6 firmware release 1.95 upgrades these packages to the following versions:

OpenSSL: 1.0.0j

OpenLDAP: 2.4.32

libxml: 2.9.0

Release notes and patch information for this version are located at the Dell Support Website.
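
To check a fleet against both the Mitigation and the Resolution above, the following added example (not part of the original advisory or any Panzura or Dell tooling) audits an inventory for iDRAC6 firmware older than 1.95 and for iDRAC addresses outside the management subnet. The subnet, host names, addresses and inventory layout are constructed sample values, and the version parser assumes dotted numeric firmware strings.

```python
import ipaddress
import re

FIXED_FIRMWARE = (1, 95)  # iDRAC6 release named in the Resolution section

# Constructed sample values: replace with your own subnet and inventory export.
MGMT_SUBNET = ipaddress.ip_network("10.20.0.0/24")
INVENTORY = [
    {"host": "qs-cc-01", "idrac_ip": "10.20.0.11", "firmware": "1.95"},
    {"host": "qs-cc-02", "idrac_ip": "10.20.0.12", "firmware": "1.92"},
    {"host": "qs-cc-03", "idrac_ip": "192.168.5.40", "firmware": "1.97 (Build 05)"},
    {"host": "qs-cc-04", "idrac_ip": "192.168.5.41", "firmware": "unknown"},
]


def parse_version(text):
    """Return the leading dotted-numeric version as a tuple of ints, or None."""
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def audit(entry, subnet=MGMT_SUBNET, fixed=FIXED_FIRMWARE):
    """List the advisory-related findings for one inventory entry."""
    findings = []
    version = parse_version(entry["firmware"])
    if version is None:
        # Treat an unreadable version as a finding rather than assuming it is patched.
        findings.append("firmware version unreadable")
    elif version < fixed:
        findings.append("firmware older than 1.95")
    try:
        addr = ipaddress.ip_address(entry["idrac_ip"])
    except ValueError:
        findings.append("iDRAC address unparseable")
    else:
        if addr not in subnet:
            findings.append("iDRAC outside management subnet")
    return findings


def audit_all(inventory=INVENTORY):
    """Map each host with at least one finding to its list of findings."""
    results = {e["host"]: audit(e) for e in inventory}
    return {host: f for host, f in results.items() if f}


if __name__ == "__main__":
    for host, findings in audit_all().items():
        print(host + ": " + "; ".join(findings))
```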
