Panzura Security Advisory PZOS-2017-001

Issue Date: 05/26/2017
Title: SAMBA Remote Code Execution
Classification: High
Status: Open
Affected Products: PFOS – All Supported Versions

Summary

The SAMBA component of the PFOS software contains a vulnerability that allows a malicious client to upload code and have the SAMBA server execute it without authorization.

Details

PFOS uses SAMBA to act as a Windows share. A remote code execution vulnerability was recently discovered in SAMBA. A malicious client can upload a shared library to a writeable share and cause the SAMBA server to execute it, thereby compromising the controller. To exploit the vulnerability, the attacker must be authenticated and have write access to a share.

Panzura has created the 6.3.1.3 release, which contains the fix for this vulnerability. The release notes are available here.

The original security vulnerability announcement can be found at https://www.samba.org/samba/security/CVE-2017-7494.html
