Panzura Security Advisory PFOS-2017-002
| Title: | SAMBA Kerberos Mutual Authentication Vulnerability |
| Affected Products: | PFOS – 6.3.X versions through 220.127.116.11 and 7.X versions through 18.104.22.168 |
The SAMBA component of PFOS software contains a vulnerability that allows an attacker to impersonate a trusted server and, leveraging that position, gain unauthorized access to the domain.
PFOS uses SAMBA to act as a Windows share. A mutual authentication vulnerability was recently discovered in the Kerberos authentication code. Because of this bug, a malicious server can impersonate a trusted server. As a trusted server, the attacker can then gain unauthorized access to the domain. More information is available at CVE-2017-11103.
Panzura is in the process of creating upgrades for all supported releases. Release notes for the new versions outlining the correction of this vulnerability will be documented here.