[OpenAFS] Microsoft Security Bulletin MS10-020 (KB980232) vs OpenAFS

Dave B botsch@cnf.cornell.edu
Wed, 09 Jun 2010 08:51:01 -0400


So, it sounds like we get to choose between..

• many applications crashing due to failure to support the query
• many applications terminating due to the null security descriptor
being returned

Out of curiosity, why can't a not null security descriptor be returned?

On Wed, 2010-05-26 at 16:12 -0500, Jeffrey Altman wrote:
> FYI.  During the April 2010 Windows Update cycle a hot fix to the SMB
> redirector was pushed to Windows machines around the world.
> http://www.microsoft.com/technet/security/bulletin/MS10-020.mspx?pubDate=2010-04-13
>
> What this fix does is add a validation operation on the data structures
> returned when an application issues the GetSecurityInfo() API.
> Experience has shown that failure to support this query causes many
> applications to crash.  Therefore, the AFS SMB Server returns a null
> security descriptor.  This descriptor is not considered valid by the new
> SMB validation code and the error STATUS_INVALID_NETWORK_RESPONSE is
> returned to the application.  The failure of the API to complete results
> in the termination of many applications.
>
> The Windows TCL implementation is known to call this API.
>
> The hot fix is labeled "critical" because without the validator
> arbitrary data structures can be passed to the application that issues
> the query.
>
> There is no known fix for the problem that we can apply to OpenAFS at
> the current time.
>
> Jeffrey Altman
>
>
-- 
********************************
David William Botsch
Programmer/Analyst
CNF Computing
botsch@cnf.cornell.edu
********************************