Security Advisories
      Back to home
      1. Knowledge Base
      2. Security Advisories

      PZOS-2013-003: PZOS CIFS Denial of Service

      Issue Date: 2013/03/04
      Updated Date: 2013/03/04
      Title: PZOS CIFS Denial of Service
      Classification: Low
      Status: Closed
      Affected Products: PZOS 3.0.6.0.5075.E or Below

      Summary

      A vulnerability in the CIFS/SMB implementation on the Panzura PZOS version 3.0.6.0.5075.E or below has been discovered. This vulnerability may result in a malicious client causing a Denial of Service (DoS) attack.

      Details

      A condition exists in the PZOS implementation of the CIFS/SMB protocol whereby the sending of a large volume of specifically constructed malicious mount requests could disable or impact Cloud Controller service to the client base.

      An exploit of this vulnerability could result in loss of service due to resource exhaustion via a targeted Denial of Service attack.

      Resolution

      Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.