HP CIFS Server 2.2m Release Note version A.01.11.05

HP CIFS Server Release Note
Features and Fixes in Recent Releases
Fixes in HP CIFS Server A.01.11.04
HP CIFS Server A.01.11.04 provides the following fixes:
Potential Integer Overflow Vulnerability SSRT4885 (CR JAGaf50678)
A security vulnerability, CAN-2004-1154, has been found in the MS
RPC unmarshalling code of HP CIFS Server. This problem could
potentially be exploited to gain root access remotely. HP has made
the recommended fixes, according to Samba 3.0.
Wrong Depot Size (CR JAGaf02001)
HP CIFS Server will now only provide Samba source code files in a
single compressed gz file, /opt/samba_src/samba/source.tar.gz,
rather than many uncompressed files as in previous releases. Only
the root user can gunzip and untar this file to uncompress it. The
source code files remain accessible only to root.
%U Problem (CR JAGaf50442)
This fix corrects a problem in which the %U variable could not be
treated as the session name on the CIFS server: the %U variable was
incorrectly expanded to the HP-UX user name instead of the Windows
user name.
Fixes in HP CIFS Server A.01.11.03
HP CIFS Server A.01.11.03 provides the following fixes:
Potential Security Vulnerability (CR JAGaf42460)
A fix has been implemented for a potential security vulnerability in which a
user could gain arbitrary file access to a share that has the
wide links = yes smb.conf option set.
New fixes in the HP CIFS Server A.01.11.02
Potential Security Vulnerability (CR JAGaf33614)
This fix provides checks for a potential buffer overrun problem when using
the name mangling function.