The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

The remote host is using ProFTPD, a free FTP server for Unix and Linux.
According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the mod_tls module, which might cause a weaker than intended Diffie-Hellman key to be used.

The specific version of ProFTPD that the system is running is reportedly affected by the following vulnerabilities:

- ProFTPD contains a flaw that may result in Diffie Hellman key exchanges using 1024 bits instead of the intended 4096 bits. This may result in them being significantly less cryptographically secure. (CVE-2016-3125)

- ProFTPD contains an out-of-bounds read flaw in the pr_fs_dircat() function in fsio.c that may allow a remote attacker to cause a crash or potentially disclose memory contents.

proftpd was updated to fix one security issue.

This security issue was fixed :

  - CVE-2016-3125: The mod_tls module in ProFTPD before     1.3.5b and 1.3.6 before 1.3.6rc2 does not properly     handle the TLSDHParamFile directive, which might cause a     weaker than intended Diffie-Hellman (DH) key to be used     and consequently allow attackers to have unspecified     impact via unknown vectors. Aliased: (boo#970890).

This proftpd update to version 1.3.5b fixes the following issues :

Security issues fixed :

  - CVE-2016-3125: Fixed selection of DH groups from     TLSDHParamFile. (boo#970890)

Bugs fixed :

  - update to 1.3.5b:
    http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b

  - SSH RSA hostkeys smaller than 2048 bits now work     properly.

  - MLSD response lines are now properly CRLF terminated.

MITRE reports :

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125) Various other bug fixes are also included.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included.

Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.

ID	Name	Product	Family	Severity
106755	ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key	Nessus	FTP	high
802012	ProFTPD 1.3.5a, 1.3.6rc1 Multiple Vulnerabilities	Log Correlation Engine	FTP Servers	critical
91588	openSUSE Security Update : proftpd (openSUSE-2016-713)	Nessus	SuSE Local Security Checks	high
91273	openSUSE Security Update : proftpd (openSUSE-2016-603)	Nessus	SuSE Local Security Checks	high
90607	FreeBSD : proftpd -- vulnerability in mod_tls (a733b5ca-06eb-11e6-817f-3085a9a4510d)	Nessus	FreeBSD Local Security Checks	high
90222	Fedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)	Nessus	Fedora Local Security Checks	high
90046	Fedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)	Nessus	Fedora Local Security Checks	high
90042	Fedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)	Nessus	Fedora Local Security Checks	high

Detections

Analytics

CVE-2016-3125

high

Tenable Plugins

high

critical

high

high

high

high

high

high