Panzura Security Advisory PZOS-2013-003

Issue Date: 03/04/2013
Updated Date: 03/04/2013
Title: PZOS CIFS Denial of Service
Classification: Low
Status: Closed
Affected Products: PZOS 3.0.6.0.5075.E or Below

Summary

A vulnerability has been discovered in the CIFS/SMB implementation of Panzura PZOS version 3.0.6.0.5075.E or below. A malicious client may exploit this vulnerability to cause a Denial of Service (DoS).

Details

A condition exists in the PZOS implementation of the CIFS/SMB protocol whereby sending a large volume of specifically constructed malicious mount requests could disable or impact Cloud Controller service to the client base.

An exploit of this vulnerability could result in loss of service due to resource exhaustion via a targeted Denial of Service attack.

Resolution

Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor releases will also include the correction. The release notes for this version will outline details of the correction as necessary.

