1. Knowledge Base
  2. Security Advisories

PZOS-2013-002: PZOS RPC Unauthorized Object Ownership Change

Issue Date: 2013/03/04
Updated Date: 2013/03/04
Title: PZOS RPC Unauthorized Object Ownership Change
Classification: Important
Status: Closed
Affected Products: PZOS or Below


A vulnerability in the RPC (remote procedure call) implementation on the Panzura PZOS version or below has been discovered. This vulnerability may result in an unauthorized user modifying object ownership via a structured RPC request.


A condition can exist in the PZOS execution of remote procedure calls through the sending of a specifically constructed request an authenticated but unauthorized remote attacker could modify object ownership.

An exploit (none known to exist at this time) of this vulnerability could result in unauthorized data modification, specifically ownership of files and folders within the hosted files.


Upgrade the Panzura software to PZOS version or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.