CVE-2016-3125
First published: Tue Apr 05 2016(Updated: )
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ProFTPD | <=1.3.5 | |
| ProFTPD | =1.3.6-rc1 | |
| SUSE Linux | =13.1 | |
| Fedora | =22 | |
| Fedora | =23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.proftpd.org/show_bug.cgi?id=4230
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html
- http://proftpd.org/docs/NEWS-1.3.5b
- http://proftpd.org/docs/NEWS-1.3.6rc2
- http://www.openwall.com/lists/oss-security/2016/03/11/14
- http://www.openwall.com/lists/oss-security/2016/03/11/3
Frequently Asked Questions
What is the severity of CVE-2016-3125?
CVE-2016-3125 has been classified as a medium-severity vulnerability due to potential weaknesses in the Diffie-Hellman key generation.
How do I fix CVE-2016-3125?
To fix CVE-2016-3125, you should upgrade to ProFTPD version 1.3.6rc2 or later.
What is affected by CVE-2016-3125?
CVE-2016-3125 affects ProFTPD versions earlier than 1.3.5b and 1.3.6 before 1.3.6rc2.
What impact can CVE-2016-3125 have on my system?
CVE-2016-3125 could potentially allow attackers to exploit weaker than intended keys used in the TLS handshake.
Does CVE-2016-3125 affect specific operating systems?
Yes, CVE-2016-3125 affects various operating systems including openSUSE 13.1 and Fedora versions 22 and 23.
- agent/references
- agent/weakness
- agent/type
- agent/author
- agent/severity
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/proftpd
- canonical/proftpd
- version/proftpd/1.3.5
- version/proftpd/1.3.6-rc1
- vendor/opensuse
- canonical/suse linux
- version/suse linux/13.1
- vendor/fedoraproject
- canonical/fedora
- version/fedora/22
- version/fedora/23