Panzura Security Advisory PZOS-2013-001

Issue Date: 03/04/2013
Updated Date: 03/04/2013
Title: PZOS RPC Buffer Overflow
Classification: Critical
Status: Closed
Affected Products: PZOS 3.0.6.0.5075.E or Below

Summary

A vulnerability has been discovered in the RPC (remote procedure call) implementation of Panzura PZOS version 3.0.6.0.5075.E or below. This vulnerability can result in a buffer overflow that may allow an unauthorized user to execute arbitrary code via a structured RPC request.

Details

A buffer overflow condition can exist in the PZOS execution of remote procedure calls. By sending a specially constructed packet, an unauthenticated remote attacker could cause a denial of service or arbitrary code execution with elevated system privileges.

An exploit (none known to exist at this time) of this vulnerability could result in unauthorized access or data modification, disruption of service, or disabling the appliance.

Resolution

Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor release will also correct the issue. The release notes for this version will outline details of the correction as necessary.
