
PZOS-2017-001: SAMBA Remote Code Execution

Issue Date: 2017/05/26
Updated Date: 2017/05/26
Title: SAMBA Remote Code Execution
Classification: High
Status: Closed
Affected Products: PZOS – All Supported Versions


The SAMBA component of the PZOS software contains a vulnerability that allows a malicious client to upload unauthorized code and have the SAMBA server execute it.


PZOS uses SAMBA to act as a Windows share. A remote code execution vulnerability was recently discovered in SAMBA. A malicious client can upload a shared library to a writable share, and the SAMBA server will then execute it, thereby compromising the controller. To exploit the vulnerability, the attacker must be authenticated and have write access to a share.

The original security vulnerability announcement can be found here: https://www.samba.org/samba/security/CVE-2017-7494.html
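The exposure condition described above (a share the client can write to) can be checked in a Samba configuration. The following is an added example, not Panzura or Samba project code: it parses smb.conf text you supply and lists the writable shares, noting which of them also allow guest access. The function names, the sample configuration and its share names are assumptions made for illustration.

```python
# Added example: list smb.conf shares that meet the advisory's write precondition.
TRUE = {"yes", "true", "on", "1"}
INVERTED = {"writeable", "writable", "writeok"}    # inverted synonyms of "read only"

def parse_smb_conf(text):
    """Return {section: {param: value}} with names normalized as Samba reads them."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":            # blank line or comment
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1].strip().lower(), {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            key = "".join(key.lower().split())     # case and whitespace are ignored
            if key in INVERTED:                    # fold into "readonly"; last one wins
                key, value = "readonly", ("no" if value.strip().lower() in TRUE else "yes")
            current[key] = value.strip()
    return sections

def writable_shares(text):
    """Return [(share, guest_ok)] for every share a client could write to."""
    conf = parse_smb_conf(text)
    defaults = conf.get("global", {})              # [global] supplies share defaults
    findings = []
    for name, params in conf.items():
        if name == "global":
            continue
        merged = {**defaults, **params}
        read_only = merged.get("readonly", "yes").lower() in TRUE
        if not read_only or merged.get("writelist", "").strip():
            findings.append((name, merged.get("guestok", "no").lower() in TRUE))
    return findings

# Constructed sample configuration; share names and values are hypothetical.
SAMPLE = """
[global]
   workgroup = EXAMPLE
[archive]
   path = /srv/archive
[projects]
   writeable = yes
[scans]
   Read Only = No
   guest ok = yes
[reports]
   write list = @finance
"""
```

For `SAMPLE`, `writable_shares` reports `projects`, `scans` (with guest access) and `reports`, and leaves out `archive`. Include directives, backslash line continuations and the `public` synonym of `guest ok` are not handled.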


Panzura has created the release which contains the fix for this vulnerability. The release notes are available here.