[OpenAFS] Attacks against AFS lead to crashing machines

Todd_DeSantis@transarc.com Todd_DeSantis@transarc.com
Fri, 7 Jun 2002 16:22:50 -0400 (EDT)


Hi -

Since I have received some emails this afternoon looking for an
update, I thought I would try to supply one.

It looks like that if you are using the latest versions of OpenAFS and
the latest versions of IBM Transarc AFS, the following systems are
still susceptible to the problem

	AIX
	IRIX

The fixes for the other platforms went into  IBM AFS at

  afs3.6 2.27

so the Patch 4 binaries are OK for the other system types.
I am not sure which version of OpenAFS has the fixes, but most folks
seem to upgrade their OpenAFS binaries quicker than their IBM AFS
bins anyways !

We are continuing to analyse the problem and will possibly give more
updates over the weekend.

And another note, normal AFS commands such as fs, cmdebug, pts, kas,
etc do NOT trigger the problem.

And it looks like the problem is isolated to AFS 3.6 code bases, and
OpenAFS is based on AFS 3.6.  So AFS 3.4a and 3.5 systems should be
OK.

Thanks for your help

Todd