Panzura Security Advisory PFOS-2017-002

Issue Date: 07/18/2017
Title: SAMBA Kerberos Mutual Authentication Vulnerability
Classification: Medium
Status: Open
Affected Products: PFOS – 6.3.X versions through 6.3.1.4 and 7.X versions through 7.0.0.1

Summary

The SAMBA component of PFOS software contains a vulnerability that allows an attacker to impersonate a trusted server and, leveraging that position, gain unauthorized domain access.

Details

PFOS uses SAMBA to act as a Windows share. A mutual authentication vulnerability was recently discovered. Due to a bug in the Kerberos authentication code, a malicious server can impersonate a trusted server. As a trusted server, the attacker can then gain unauthorized access to the domain. More information is available under CVE-2017-11103.

Panzura is in the process of creating upgrades for all supported releases. Release notes for the new versions, outlining the correction of this vulnerability, will be documented here.
