Panzura Security Advisory PZOS-2013-006

Issue Date: 09/30/2013
Updated Date: 09/30/2013
Title: PZOS SSH Privilege Escalation
Classification: Moderate
Status: Closed
Affected Products: PZOS 5.2.0.3 or Below

Summary

A vulnerability in the SSH implementation on the Panzura PZOS has been discovered. Exploitation of this vulnerability may result in privilege escalation in which the user is able to perform operations that should not be allowed.

Details

On PZOS, different functionality is segregated by users. A condition exists in which a user connecting to the controller is able to perform actions that should not be allowed for that user.

Resolution

Upgrade the appliance to PZOS version 5.2.1.0 or higher; any future major or minor releases will also correct the issue. Release notes for this version outlining the correction of this vulnerability are documented here.

Back to Advisories List