Panzura Security Advisory PZOS-2013-004

Issue Date: 03/04/2013
Updated Date: 03/04/2013
Title: PZOS CIFS File Resource Exhaustion
Classification: Moderate
Status: Closed
Affected Products: PZOS 3.0.6.0.5075.E or Below

Summary

A vulnerability in the CIFS/SMB implementation on the Panzura PZOS version 3.0.6.0.5075.E or below has been discovered. Exploitation of this vulnerability may result in a Denial of Service (DoS) attack.

Details

A condition exists in the PZOS implementation of the CIFS protocol whereby an excessive number of file requests in a short timeframe could disable the Cloud Controller CIFS service.

A targeted exploit of this vulnerability could result in loss of service due to service failure.

Resolution

Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.

Back to Advisories List