1. Knowledge Base
  2. Security Advisories

PZOS-2016-002: Multiple SAMBA Vulnerabilities AKA Badlock

Issue Date: 2016/04/18
Updated Date: 2016/04/18
Title: Multiple SAMBA Vulnerabilities AKA Badlock
Classification: Medium
Status: Closed
Affected Products: PZOS – All Supported Versions


Multiple vulnerabilities have been discovered in SAMBA, the portion of code in Panzura controllers that allows Windows clients to access data across the network from the controller. These vulnerabilities are more commonly known as Badlock (CVE-2016-2118).


Panzura controllers appear as file servers to Windows clients. Such access is is enabled by using SAMBA code. Multiple vulnerabilities, mostly denial of service or man-in-the-middle attacks, were discovered in the SAMBA code. Although Badlock is technically only one vulnerability, several vulnerabilities are associated with Badlock, and so have been grouped together. In particular, the following vulnerabilities (and their status with respect to Panzura controllers) were discovered:

More information can also be found at the Badlock site.


Patches addressing these vulnerabilities are available. Please consult Panzura Support for the appropriate patches or release upgrade.