If you’re running a Dell PowerEdge 1900, 1950, 2900, 2950, 2970, 6950, R300, T300, R605, R805, or R905, there are urgent & critical security updates that were released by Dell on October 15, 2012. Similarly, there’s an urgent update to the Dell-supplied ESXi 4.0 U4 software.
Dell describes the fixes as “Critical Security Update – Urgent BMC Release.” To me that says Dell fixed something that’s remotely exploitable and doesn’t want to say what it was out of fear of tipping off troublemakers. I always like to know what the problem is, figuring that the bad guys probably already know, and it helps me determine my priority for the fix.
The moral of the story is that if your older Dell server has a BMC that’s configured with an IP address, you probably ought to patch it. I still find that the SUU disc/ISO method of updating firmware is the most effective on older Dell servers.
As an aside, I get weekly updates about all firmware, driver, and systems management updates from my Dell SE, in the form of a Product & Driver Update PDF. If you use Dell equipment and that’s of interest to you, check with your account team about it. It’s pretty handy.
I notice there is also a “Critical Security Update – iDRAC6 V1.92” update released on 9/24/2012 for the R710, etc., generation of systems.