Issue Date: 2013/03/04
Updated Date: 2013/03/04
Title: PZOS CIFS Denial of Service
Classification: Low
Status: Closed
Affected Products: PZOS 3.0.6.0.5075.E or below
Summary
A vulnerability has been discovered in the CIFS/SMB implementation of Panzura PZOS version 3.0.6.0.5075.E or below. This vulnerability may allow a malicious client to cause a Denial of Service (DoS).
Details
A condition exists in the PZOS implementation of the CIFS/SMB protocol whereby sending a large volume of specifically constructed malicious mount requests could disable or impact Cloud Controller service to the client base.
Exploiting this vulnerability in a targeted Denial of Service attack could result in loss of service due to resource exhaustion.
Resolution
Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor release will also include the fix. The release notes for this version will outline details of the correction as necessary.