Panzura Security Advisory PZOS-2016-002
Title: Multiple SAMBA Vulnerabilities AKA Badlock
Affected Products: PZOS – All Supported Versions
Multiple vulnerabilities have been discovered in SAMBA, the portion of code in Panzura controllers that allows Windows clients to access data across the network from the controller. These vulnerabilities are more commonly known as Badlock (CVE-2016-2118).
Panzura controllers appear as file servers to Windows clients. Such access is enabled by using SAMBA code. Multiple vulnerabilities, mostly denial of service or man-in-the-middle attacks, were discovered in the SAMBA code. Although Badlock is technically only one vulnerability, several vulnerabilities are associated with Badlock, and so have been grouped together. In particular, the following vulnerabilities (and their status with respect to Panzura controllers) were discovered:
- CVE-2015-5370: vulnerable
- CVE-2016-2110: vulnerable
- CVE-2016-2111: not vulnerable
- CVE-2016-2112: vulnerable
- CVE-2016-2113: not vulnerable
- CVE-2016-2114: not vulnerable
- CVE-2016-2115: vulnerable
- CVE-2016-2118: vulnerable
More information can also be found at the Badlock site.
Patches addressing these vulnerabilities will be available soon. Customers are urged to monitor this page, and upgrade when possible.