Panzura Security Advisory PZOS-2017-001

Issue Date: 05/26/2017
Title: SAMBA Remote Code Execution
Classification: High
Status: Open
Affected Products: PFOS – All Supported Versions


The SAMBA component of the PFOS software contains a vulnerability that allows a malicious client to upload unauthorized code and have the SAMBA server execute it.


PFOS uses SAMBA to act as a Windows share. A remote code execution vulnerability was recently discovered in SAMBA: a malicious client can upload a shared library into a writeable share, and the SAMBA server will execute it, thereby compromising the controller. To exploit the vulnerability, the attacker must be authenticated and have write access to a share.
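Because exploitation requires write access to a share, a useful first step in assessing exposure is to list which shares accept writes. The following is an added example, not Panzura code: it assumes the share definitions are available as standard smb.conf text, and the sample configuration and function names are constructed for illustration.

```python
SAMPLE_CONF = """\
# constructed sample, not taken from a PFOS system
[global]
   read only = yes
[projects]
   writeable = yes
[archive]
   write list = @editors
[public-docs]
   Read Only = Yes
"""

TRUE_VALUES = {"yes", "true", "on", "1"}
WRITE_SYNONYMS = {"writeable", "writable", "writeok"}  # inverse of "read only"

def parse_sections(text):
    """Return {section: {key: value}}; keys lowercased with spaces removed."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current["".join(key.split()).lower()] = value.strip()
    return sections

def writable_shares(text):
    """Return {share: reason} for every share some client may write to."""
    sections = parse_sections(text)
    defaults = sections.pop("global", {})
    findings = {}
    for name, params in sections.items():
        read_only = True  # Samba's default when nothing is set
        for source in (defaults, params):  # share settings override [global]
            for key, value in source.items():
                flag = value.lower() in TRUE_VALUES
                if key == "readonly":
                    read_only = flag
                elif key in WRITE_SYNONYMS:
                    read_only = not flag
        write_list = params.get("writelist", defaults.get("writelist", ""))
        if not read_only:
            findings[name] = "read only = no"
        elif write_list:
            findings[name] = "write list = " + write_list
    return findings
```

Shares reported here are the ones to restrict to trusted accounts until the fixed release is installed; file-system permissions on the underlying path can still narrow who is able to write.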

Panzura has created the release which contains the fix for this vulnerability. The release notes are available here.

The original security vulnerability announcement can be found at
