Issue Date: | 2016/04/18 |
Updated Date: | 2016/04/18 |
Title: | Multiple SAMBA Vulnerabilities AKA Badlock |
Classification: | Medium |
Status: | Closed |
Affected Products: | PZOS – All Supported Versions |
Summary
Multiple vulnerabilities have been discovered in SAMBA, the portion of code in Panzura controllers that allows Windows clients to access data across the network from the controller. These vulnerabilities are more commonly known as Badlock (CVE-2016-2118).
Details
Panzura controllers appear as file servers to Windows clients. Such access is enabled by the SAMBA code. Multiple vulnerabilities, mostly denial of service or man-in-the-middle attacks, were discovered in the SAMBA code. Although Badlock is technically only one vulnerability, several related vulnerabilities are associated with it and have been grouped together. In particular, the following vulnerabilities were discovered, listed here with their status with respect to Panzura controllers:
- CVE-2015-5370: vulnerable
- CVE-2016-2110: vulnerable
- CVE-2016-2111: not vulnerable
- CVE-2016-2112: vulnerable
- CVE-2016-2113: not vulnerable
- CVE-2016-2114: not vulnerable
- CVE-2016-2115: vulnerable
- CVE-2016-2118: vulnerable
More information can also be found at the Badlock site.
Resolution
Patches addressing these vulnerabilities are available. Please consult Panzura Support for the appropriate patches or release upgrade.