Panzura Security Advisory PZOS-2013-006
|Title:||PZOS SSH Privilege Escalation|
|Affected Products:||PZOS 220.127.116.11 or Below|
A vulnerability in the SSH implementation on the Panzura PZOS has been discovered. Exploitation of this vulnerability may result in privilege escalation in which the user is able to perform operations that should not be allowed.
On PZOS, different functionality is segregated by users. A condition exists in which a user connecting to the controller is able to perform actions that should not be allowed for that user.
Upgrade the appliance to PZOS version 18.104.22.168 or higher; any future major or minor releases will also correct the issue. Release notes for this version outlining the correction of this vulnerability are documented here.