CVE-2016-3125
First published: Tue Apr 05 2016(Updated: )
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Proftpd Proftpd | <=1.3.5 | |
| Proftpd Proftpd | =1.3.6-rc1 | |
| openSUSE openSUSE | =13.1 | |
| Fedoraproject Fedora | =22 | |
| Fedoraproject Fedora | =23 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://bugs.proftpd.org/show_bug.cgi?id=4230
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html
- http://proftpd.org/docs/NEWS-1.3.5b
- http://proftpd.org/docs/NEWS-1.3.6rc2
- http://www.openwall.com/lists/oss-security/2016/03/11/14
- http://www.openwall.com/lists/oss-security/2016/03/11/3
- agent/references
- agent/weakness
- agent/type
- agent/last-modified-date
- agent/first-publish-date
- agent/author
- agent/severity
- agent/description
- agent/event
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/mitre-cve
- source/MITRE
- vendor/proftpd
- canonical/proftpd proftpd
- version/proftpd proftpd/1.3.5
- version/proftpd proftpd/1.3.6-rc1
- vendor/opensuse
- canonical/opensuse opensuse
- version/opensuse opensuse/13.1
- vendor/fedoraproject
- canonical/fedoraproject fedora
- version/fedoraproject fedora/22
- version/fedoraproject fedora/23