Panzura Security Advisory PFOS-2017-003

Issue Date: 07/18/2017
Title: node.js Out of Bounds Access and Denial of Service
Classification: Low
Status: Open
Affected Products: PFOS – 7.X versions through 7.0.0.1

Summary

The GUI component of PFOS software contains two vulnerabilities: one in which out-of-bounds data was read, and one that allowed a DNS attack to cause a denial of service.

Details

The GUI component of PFOS is implemented using node.js. Two vulnerabilities were recently discovered. The first allowed a specially crafted DNS packet to cause the GUI to read out-of-bounds data. The second allowed another specially crafted DNS packet to cause a denial of service against the GUI.

Panzura is in the process of creating upgrades for all supported releases. Release notes for the new versions, outlining the correction of these vulnerabilities, will be documented here.

See https://nodesource.com/blog/node-js-security-release-summary-july-2017/ for more information.
