PZOS-2017-002: SAMBA Kerberos Mutual Authentication Vulnerability

Issue Date: 2017/07/18
Updated Date: 2017/07/18
Title: SAMBA Kerberos Mutual Authentication Vulnerability
Classification: Medium
Status: Closed
Affected Products: PZOS – 6.3.X versions through 6.3.1.4 and 7.X versions through 7.0.0.1

Summary

The SAMBA component of PZOS software contains a vulnerability that allows an attacker to impersonate a trusted server and, from that position, gain unauthorized access to the domain.

Details

PZOS uses SAMBA in order to act as a Windows share. A mutual authentication vulnerability was recently discovered in SAMBA. A malicious server can impersonate a trusted server due to a bug in the Kerberos authentication code. As a trusted server, the attacker can then gain unauthorized access to the domain. More information is available under CVE-2017-11103.

Resolution

Upgrades are available for all supported releases. Please consult with Panzura Support on the appropriate upgrade for your environment.
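
To find which systems need the upgrade, the following added example (not part of the original advisory and not Panzura code) checks an inventory of PZOS version strings against the affected ranges listed above. It assumes versions are dotted numeric strings, reads "6.3.X" as starting at 6.3.0.0 and "7.X" as starting at 7.0.0.0, and uses made-up hostnames; versions outside the ranges are reported as "not listed" because the advisory does not name the fixed releases.

```python
import re

# Affected ranges from the advisory; upper bounds are inclusive.
# Assumption: "6.3.X" starts at 6.3.0.0 and "7.X" starts at 7.0.0.0.
AFFECTED = [
    ((6, 3, 0, 0), (6, 3, 1, 4)),
    ((7, 0, 0, 0), (7, 0, 0, 1)),
]

def parse_version(text):
    """Parse 'a.b.c.d' (1 to 4 numeric fields) into a 4-tuple, zero-padded."""
    text = text.strip()
    if not re.fullmatch(r"\d+(\.\d+){0,3}", text):
        raise ValueError(f"unrecognized version string: {text!r}")
    parts = [int(p) for p in text.split(".")]
    return tuple(parts + [0] * (4 - len(parts)))

def is_affected(version_text):
    """True if the version falls inside one of the advisory's ranges."""
    v = parse_version(version_text)
    return any(low <= v <= high for low, high in AFFECTED)

def triage(inventory):
    """Map each host in a {host: version} dict to a status string."""
    result = {}
    for host, ver in inventory.items():
        try:
            result[host] = "affected" if is_affected(ver) else "not listed"
        except ValueError:
            # Do not guess: an unparsed version needs a manual look.
            result[host] = "unparsed"
    return result

# Constructed sample inventory (hostnames and versions are made up).
SAMPLE = {
    "filer-a": "6.3.1.4",
    "filer-b": "6.3.1.5",
    "filer-c": "7.0.0.1",
    "filer-d": "7.0.0.2",
    "filer-e": "6.3.1",
    "filer-f": "7.0.0.1-beta",
}

if __name__ == "__main__":
    for host, status in triage(SAMPLE).items():
        print(f"{host}: {status}")
```

Hosts reported as "unparsed" or "not listed" still need to be confirmed with Panzura Support, since the advisory gives only the affected upper bounds.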