Security Advisories
      Back to home
      1. Knowledge Base
      2. Security Advisories

      PZOS-2013-004: PZOS CIFS File Resource Exhaustion

      Issue Date: 2013/03/04
      Updated Date: 2013/03/04
      Title: PZOS CIFS File Resource Exhaustion
      Classification: Moderate
      Status: Closed
      Affected Products: PZOS 3.0.6.0.5075.E or Below

      Summary

      A vulnerability in the CIFS/SMB implementation on the Panzura PZOS version 3.0.6.0.5075.E or below has been discovered. Exploitation of this vulnerability may result in a Denial of Service (DoS) attack.

      Details

      A condition exists in the PZOS implementation of the CIFS protocol whereby an excessive number of file requests in a short timeframe could disable the Cloud Controller CIFS service.

      A targeted exploit of this vulnerability could result in loss of service due to service failure.

      Resolution

      Upgrade the Panzura software to PZOS version 5.0.1.0 or higher; any future major or minor releases will also correct the issue. Release notes for this version will outline details as necessary for this correction.