| Title: | SAMBA Remote Code Execution |
| Affected Products: | PZOS – All Supported Versions |
The SAMBA component of the PZOS software contains a vulnerability that lets a malicious client upload unauthorized code and have the SAMBA server execute it.
PZOS uses SAMBA to act as a Windows share. A remote code execution vulnerability was recently discovered in SAMBA. A malicious client can upload a shared library to a writeable share and cause the SAMBA server to execute it, thereby compromising the controller. To exploit the vulnerability, the attacker must be authenticated and have write access to a share.
The original security vulnerability announcement can be found here: https://www.samba.org/samba/security/CVE-2017-7494.html
Panzura has created the 220.127.116.11 release which contains the fix for this vulnerability. The release notes are available here.
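Because the vulnerability depends on a shared library being written into a share, reviewing share contents is a useful triage step. The following added example (not Panzura's or the Samba project's code) walks a share's backing directory and flags files whose ELF header marks them as shared objects, whatever their name or extension. The directory layout, file names and function names are constructed for illustration.

```python
import os
import struct
import tempfile

ELF_MAGIC = b"\x7fELF"
ET_DYN = 3  # ELF e_type for shared objects (also position-independent executables)

def is_elf_shared_object(path):
    """Return True if the file's ELF header declares e_type == ET_DYN."""
    try:
        with open(path, "rb") as fh:
            header = fh.read(18)  # e_ident (16 bytes) + e_type (2 bytes)
    except OSError:
        return False  # unreadable file: skip rather than abort the scan
    if len(header) < 18 or header[:4] != ELF_MAGIC:
        return False
    # e_ident[EI_DATA] at offset 5: 1 = little-endian, 2 = big-endian
    fmt = {1: "<H", 2: ">H"}.get(header[5])
    if fmt is None:
        return False
    return struct.unpack_from(fmt, header, 16)[0] == ET_DYN

def find_shared_objects(share_root):
    """List files under share_root that are ELF shared objects, by content."""
    hits = []
    for dirpath, _dirs, files in os.walk(share_root):
        for name in files:
            full = os.path.join(dirpath, name)
            if not os.path.islink(full) and is_elf_shared_object(full):
                hits.append(os.path.relpath(full, share_root))
    return sorted(hits)

def build_demo_share():
    """Constructed sample data: a temp directory standing in for a writable share."""
    root = tempfile.mkdtemp(prefix="share_demo_")
    ident = ELF_MAGIC + bytes([2, 1, 1, 0]) + bytes(8)  # 64-bit, little-endian
    samples = {
        "report.txt": b"quarterly numbers\n",
        "docs/notes.pdf": ident + struct.pack("<H", ET_DYN) + bytes(46),  # disguised .so
        "tool.bin": ident + struct.pack("<H", 2) + bytes(46),  # ET_EXEC, not flagged
    }
    os.makedirs(os.path.join(root, "docs"))
    for rel, data in samples.items():
        with open(os.path.join(root, rel), "wb") as fh:
            fh.write(data)
    return root

if __name__ == "__main__":
    print(find_shared_objects(build_demo_share()))
```

A hit is a lead for review, not proof of compromise: legitimate users may store libraries or position-independent executables on a share.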