Panzura Security Advisory PZOS-2013-005

Issue Date: 03/04/2013
Updated Date: 03/04/2013
Title: PZOS CIFS Buffer Overflow
Classification: Important
Status: Closed
Affected Products: PZOS 3.0.6.0.5075.E or Below

Summary

A vulnerability has been discovered in the CIFS implementation in Panzura PZOS version 3.0.6.0.5075.E or below. This vulnerability may allow an unauthorized user to execute arbitrary code via a structured request.

Details

A buffer overflow condition can exist in the PZOS implementation of the CIFS protocol, whereby a specially constructed mount request could disable the Cloud Controller CIFS service to the client base and potentially allow arbitrary code execution via an exposed file share.

An exploit (none known to exist at this time) of this vulnerability could result in unauthorized access or data modification, disruption of service, or disabling the appliance.

Resolution

Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.
