Panzura Security Advisory PZOS-2013-002
|Title:||PZOS RPC Unauthorized Object Ownership Change|
|Affected Products:||PZOS 220.127.116.11.5075.E or Below|
A vulnerability in the RPC (remote procedure call) implementation on the Panzura PZOS version 18.104.22.168.5075.E or below has been discovered. This vulnerability may result in an unauthorized user modifying object ownership via a structured RPC request.
A condition can exist in the PZOS execution of remote procedure calls through the sending of a specifically constructed request an authenticated but unauthorized remote attacker could modify object ownership.
An exploit (none known to exist at this time) of this vulnerability could result in unauthorized data modification, specifically ownership of files and folders within the hosted files.
Upgrade the Panzura software to PZOS version 22.214.171.124 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.