[OpenAFS] Microsoft Security Hot Fix MS11-043 breaks OpenAFS client

Jeffrey Altman jaltman@your-file-system.com
Thu, 16 Jun 2011 10:40:28 -0700

Please be aware that this past Tuesday Microsoft pushed out a Security
Fix for the Microsoft SMB Redirector for all versions of Windows back to
XP and Server 2003.  This hot fix, MS11-043, patches a critical
vulnerability in the SMB Redirector that can result in Remote Code
Execution.  As a result I cannot recommend that this hot fix not be
applied.  MS11-043 replaces MS11-019 and MS10-020.


MS11-043 when applied will break the OpenAFS Client.  The SMB protocol
responses issued by the OpenAFS SMB server implementation do not pass
the validation checks now imposed by the Microsoft SMB redirector.

At this time I have no knowledge of what changes were made to the
Microsoft SMB redirector and in what manner the OpenAFS SMB Server
responses are invalid.

The OpenAFS IFS implementation is not quite ready for broad production
use but it may be the only option available to the community at this time.

Further information to follow on a possible rushed release cycle for the
IFS functionality to the general public in its current state.

Jeffrey Altman
