[OpenAFS] Microsoft Security Hot Fix MS11-043 breaks OpenAFS client

Jeffrey Altman jaltman@your-file-system.com
Thu, 16 Jun 2011 10:40:28 -0700


This is an OpenPGP/MIME signed message (RFC 2440 and 3156)
--------------enig1E4D5BCC5AFC64B4DB0FAE92
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: quoted-printable

Please be aware that this past Tuesday Microsoft pushed out a Security
Fix for the Microsoft SMB Redirector for all versions of Windows back to
XP and Server 2003.  This hot fix, MS11-043, patches a critical
vulnerability in the SMB Redirector that can result in Remote Code
Execution.  As a result I cannot recommend that this hot fix not be
applied.  MS11-043 replaces MS11-019 and MS10-020.

https://www.microsoft.com/technet/security/bulletin/ms11-043.mspx

MS11-043 when applied will break the OpenAFS Client.  The SMB protocol
responses issued by the OpenAFS SMB server implementation do not pass
the validation checks now imposed by the Microsoft SMB redirector.

At this time I have no knowledge of what changes were made to the
Microsoft SMB redirector and in what manner the OpenAFS SMB Server
responses are invalid.

The OpenAFS IFS implementation is not quite ready for broad production
use but it may be the only option available to the community at this time=
=2E

Further information to follow on a possible rushed release cycle for the
IFS functionality to the general public in its current state.

Jeffrey Altman


--------------enig1E4D5BCC5AFC64B4DB0FAE92
Content-Type: application/pgp-signature; name="signature.asc"
Content-Description: OpenPGP digital signature
Content-Disposition: attachment; filename="signature.asc"

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)

iQEcBAEBAgAGBQJN+kANAAoJENxm1CNJffh4VW4H/1RMvSObLopVoQnsid+87if3
sZMn7o8KHYNUqfCvIh9/K6u5NF703rTVCexmfN5/jkaqRVTxi5AnX5N+Q7FuNvw+
5K6ZVVzRx4EWtiwLQi0dP8DjtpOd2vSxHUIaYMna/ZwKb5Pftd7kvxtPcg93rqua
K2lNYxsseSGxu39B0N7IHDB84fAFRz6B3kEqfD33TVDYJTAAt3bW/14eyVgkkNSq
CUHxqbPUfZmp690HJT7nGVWpfjSsabus7x70sdtVHShMTBuQktVnvmAmH1IHyzWI
Bzs3CB9BI4vz69SKW2AqnWAkF+NYiYcdWYFu9Q2OG5P5CXAgVMXJhYUMVZMjs3Y=
=pECC
-----END PGP SIGNATURE-----

--------------enig1E4D5BCC5AFC64B4DB0FAE92--