Panzura strives to develop products that our customers entrust with their most sensitive information; our goal is to ensure that our products meet the high standard for security our clients demand. This page will list any security vulnerability issues related to Panzura products and outline steps on how to protect them. Each advisory contains detailed information regarding the security vulnerability, affected systems, threat severity, and risk mitigation techniques for the vulnerability.
|
Advisory |
Description |
Product Version |
Last Updated |
| CloudFS-2020-002 | LDAP Signing and LDAP Channel Binding | All supported versions | 08/13/2019 |
| CloudFS-2020-001 | Wormable Windows SMBv3 RCE security vulnerabilities | All supported versions | 04/10/2020 |
| PZOS-2019-001 | Impact of Zombieload vulnerability for all Intel based chips on Panzura. | All supported versions | 05/31/2019 |
| CloudFS-2018-004 | Active Directory (AD) accounts admin login security vulnerabilities. | All supported versions | 11/11/2018 |
| CloudFS-2018-003 | FreeBSD security vulnerabilities CVE-2018-5390 and CVE-2018-3615/20/46 | PZOS 7.2.X or above | 08/30/2018 |
| CloudFS-2018-002 | Authenticated users are able to change the passwords for any account. | None | 03/15/2018 |
| CloudFS-2018-001 | OS kernel memory leak vulnerability in Intel processors | CloudFS 6.x and 7.x | 01/05/2018 |
| PFOS-2017-003 | node.js Out of Bounds Access and Denial of Service | PFOS – 7.X versions through 7.0.0.1 | 07/18/2017 |
| PFOS-2017-002 | SAMBA Kerberos Mutual Authentication Vulnerability | PFOS – 6.3.X versions through 6.3.1.4 and 7.X versions through 7.0.0.1 | 07/28/2017 |
| PZOS-2017-001 | SAMBA Remote Code Execution | PFOS – All Supported Versions | 06/07/17 |
| PZOS-2016-002 | Multiple SAMBA Vulnerabilities AKA Badlock | PZOS – All Supported Versions | 04/18/2016 |
| PZOS-2016-001 | DROWN vulnerability | PZOS 5.6.x.x or Below | 03/31/2016 |
| PZOS-2015-002 | Samba is exposed to external attack that could gain root access | PZOS (all versions) | 02/25/2015 |
| PZOS-2015-001 | GHOST: glibc gethostbyname buffer overflow | None | 01/29/2015 |
| PZOS-2014-005 | SSL is vulnerable to man-in-the-middle attack, AKA “POODLE” | PZOS 5.5.0.4 or Below | 02/25/2015 |
| PZOS-2014-004 | GNU-Bash Vulnerability | PZOS 5.5.0.0 or Below | 09/25/2014 |
| PZOS-2014-003 | PZOS Platform Information Disclosure | PZOS 5.4.3.3 or Below | 06/27/2014 |
| PZOS-2014-002 | OpenSSL SSL/TLS Man In The Middle Vulnerability Review | PZOS 5.4.3.3 or Below | 03/05/2015 |
| PZOS-2014-001 | OpenSSL TLS Heartbeat Vulnerability Review | PZOS 5.4.3.1 or Below | 04/09/2014 |
| PZOS-2013-006 | PZOS SSH Privilege Escalation | PZOS 5.2.0.3 or Below | 09/30/2013 |
| QSCC-2013-001 | iDRAC Firmware Update | Controllers w/iDRAC6 | 03/14/2013 |
| PZOS-2013-005 | CIFS Buffer Overflow | 3.0.6.0.5075.E or Below | 03/04/2013 |
| PZOS-2013-004 | CIFS File Resource Exhaustion | 3.0.6.0.5075.E or Below | 03/04/2013 |
| PZOS-2013-003 | CIFS Denial of Service | 3.0.6.0.5075.E or Below | 03/04/2013 |
| PZOS-2013-002 | RPC Unauthorized Object Ownership Change | 3.0.6.0.5075.E or Below | 03/04/2013 |
| PZOS-2013-001 | RPC Buffer Overflow | 3.0.6.0.5075.E or Below | 03/04/2013 |
Reporting a Security Vulnerability
Please send information or questions concerning suspected security vulnerabilities to security@panzura.com. We hope our clients will contact us privately and give Panzura an opportunity to evaluate, confirm, and mitigate the vulnerability before it becomes public knowledge. Panzura encourages our clients to use our public PGP key to encrypt sensitive data sent within the email. Our email public key can be found here.
When reporting an issue please provide the following:
- A detailed description of the problem
- A technical contact who can answer questions
- Your appliance model and software version
- System logs