1. Knowledge Base
  2. Security Advisories

PZOS-2013-003: PZOS CIFS Denial of Service

Issue Date: 2013/03/04
Updated Date: 2013/03/04
Title: PZOS CIFS Denial of Service
Classification: Low
Status: Closed
Affected Products: PZOS or Below


A vulnerability in the CIFS/SMB implementation on the Panzura PZOS version or below has been discovered. This vulnerability may result in a malicious client causing a Denial of Service (DoS) attack.


A condition exists in the PZOS implementation of the CIFS/SMB protocol whereby the sending of a large volume of specifically constructed malicious mount requests could disable or impact Cloud Controller service to the client base.

An exploit of this vulnerability could result in loss of service due to resource exhaustion via a targeted Denial of Service attack.


Upgrade the Panzura software to PZOS version or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.