Panzura Security Advisory PZOS-2013-003
|Title:||PZOS CIFS Denial of Service|
|Affected Products:||PZOS 18.104.22.168.5075.E or Below|
A vulnerability in the CIFS/SMB implementation on the Panzura PZOS version 22.214.171.124.5075.E or below has been discovered. This vulnerability may result in a malicious client causing a Denial of Service (DoS) attack.
A condition exists in the PZOS implementation of the CIFS/SMB protocol whereby the sending of a large volume of specifically constructed malicious mount requests could disable or impact Cloud Controller service to the client base.
An exploit of this vulnerability could result in loss of service due to resource exhaustion via a targeted Denial of Service attack.
Upgrade the Panzura software to PZOS version 126.96.36.199 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.