Panzura Security Advisory PZOS-2016-002

Issue Date: 04/18/2016
Title: Multiple SAMBA Vulnerabilities AKA Badlock
Classification: Medium
Status: Open
Affected Products: PZOS – All Supported Versions

Summary

Multiple vulnerabilities have been discovered in SAMBA, the portion of code in Panzura controllers that allows Windows clients to access data across the network from the controller. These vulnerabilities are more commonly known as Badlock (CVE-2016-2118).

Details

Panzura controllers appear as file servers to Windows clients. Such access is is enabled by using SAMBA code. Multiple vulnerabilities, mostly denial of service or man-in-the-middle attacks, were discovered in the SAMBA code. Although Badlock is technically only one vulnerability, several vulnerabilities are associated with Badlock, and so have been grouped together. In particular, the following vulnerabilities (and their status with respect to Panzura controllers) were discovered:

More information can also be found at the Badlock site.

Patches addressing these vulnerabilities will be available soon. Customers are urged to monitor this page, and upgrade when possible.

Back to Advisories List