Security Advisories

Panzura strives to develop products that our customers entrust with their most sensitive information; our goal is to ensure that our products meet the high standard for security our clients demand. This page lists security vulnerabilities related to Panzura products and outlines the steps for protecting affected systems. Each advisory contains detailed information about the vulnerability, the affected systems, the threat severity, and risk mitigation techniques.

Advisory | Description | Product Version | Last Updated
PFOS-2017-003 | node.js Out of Bounds Access and Denial of Service | PFOS – 7.X versions through 7.0.0.1 | 07/18/2017
PFOS-2017-002 | SAMBA Kerberos Mutual Authentication Vulnerability | PFOS – 6.3.X versions through 6.3.1.4 and 7.X versions through 7.0.0.1 | 07/18/2017
PZOS-2017-001 | SAMBA Remote Code Execution | PFOS – All Supported Versions | 06/07/17
PZOS-2016-002 | Multiple SAMBA Vulnerabilities AKA Badlock | PZOS – All Supported Versions | 04/18/2016
PZOS-2016-001 | DROWN vulnerability | PZOS 5.6.x.x or Below | 03/31/2016
PZOS-2015-002 | Samba is exposed to external attack that could gain root access | PZOS (all versions) | 02/25/2015
PZOS-2015-001 | GHOST: glibc gethostbyname buffer overflow | None | 01/29/2015
PZOS-2014-005 | SSL is vulnerable to man-in-the-middle attack, AKA “POODLE” | PZOS 5.5.0.4 or Below | 02/25/2015
PZOS-2014-004 | GNU-Bash Vulnerability | PZOS 5.5.0.0 or Below | 09/25/2014
PZOS-2014-003 | PZOS Platform Information Disclosure | PZOS 5.4.3.3 or Below | 06/27/2014
PZOS-2014-002 | OpenSSL SSL/TLS Man In The Middle Vulnerability Review | PZOS 5.4.3.3 or Below | 03/05/2015
PZOS-2014-001 | OpenSSL TLS Heartbeat Vulnerability Review | PZOS 5.4.3.1 or Below | 04/09/2014
PZOS-2013-006 | PZOS SSH Privilege Escalation | PZOS 5.2.0.3 or Below | 09/30/2013
QSCC-2013-001 | iDRAC Firmware Update | Controllers w/iDRAC6 | 03/14/2013
PZOS-2013-005 | CIFS Buffer Overflow | 3.0.6.0.5075.E or Below | 03/04/2013
PZOS-2013-004 | CIFS File Resource Exhaustion | 3.0.6.0.5075.E or Below | 03/04/2013
PZOS-2013-003 | CIFS Denial of Service | 3.0.6.0.5075.E or Below | 03/04/2013
PZOS-2013-002 | RPC Unauthorized Object Ownership Change | 3.0.6.0.5075.E or Below | 03/04/2013
PZOS-2013-001 | RPC Buffer Overflow | 3.0.6.0.5075.E or Below | 03/04/2013

Reporting a Security Vulnerability

Please send information or questions concerning suspected security vulnerabilities to security@panzura.com. We hope our clients will contact us privately and give Panzura an opportunity to evaluate, confirm, and mitigate the vulnerability before it becomes public knowledge. Panzura encourages our clients to use our public PGP key to encrypt sensitive data sent within the email. Our email public key can be found here.

When reporting an issue, please provide the following:

  • A detailed description of the problem
  • A technical contact who can answer questions
  • Your appliance model and software version
  • System logs