|Title:||FreeBSD Security Vulnerabilities|
|Affected Products:||CloudFS 7.2.0, 7.2.1|
FreeBSD Security Vulnerabilities CVE-2018-5390 and CVE-2018-3615/20/46.
With 220.127.116.11, Panzura has moved from FreeBSD 10 to FreeBSD 12. With FreeBSD 12, 2 security vulnerabilities have been discovered, though their impact is low.
With the security vulnerability, CVE-2018-5390, an attacker can maliciously modify the network stack to cause denial-of-service attack. With the security vulnerability, CVE-2018-3615/20/46, Processors utilizing speculative execution (pre-execute some instructions) may allow unauthorized disclosure of information in cache if an attacker has execution privileges to install and execute a binary.
With the Panzura node deployed as an appliance behind a corporate firewall, an attacker would have to go through multiple levels of security before gaining access to the node.
See https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-5390 (CVE-2018-5390) and https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-3615 (CVE-2018-3615/20/46) for more details regarding these vulnerabilities.
Panzura has addressed the two security vulnerabilities in the CloudFS 7.2.2 release.