Panzura Security Advisory PZOS-2017-001
|Title:||SAMBA Remote Code Execution|
|Affected Products:||PFOS – All Supported Versions|
The SAMBA component of the PFOS software contains a vulnerability in which a malicious client can have the SAMBA server execute unauthorized code that was uploaded.
PFOS uses SAMBA to act as a Windows share. Recently a remote code execution vulnerability was discovered. A malicious client can upload a shared library into a writeable share that the SAMBA server will execute, thereby compromising the controller. To exploit the vulnerability, the attacker needs to be authenticated and have writeable access to a share.
Panzura has created the 126.96.36.199 release which contains the fix for this vulnerability. The release notes are available here.