CVE Vulnerabilities

CVE-2016-3125

Published: Apr 05, 2016 | Modified: Oct 30, 2018
CVSS 3.x
7.5
HIGH
Source:
NVD
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVSS 2.x
5 MEDIUM
AV:N/AC:L/Au:N/C:P/I:N/A:N
RedHat/V2
RedHat/V3
Ubuntu
MEDIUM

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

Affected Software

Name Vendor Start Version End Version
Proftpd Proftpd * 1.3.5 (including)
Proftpd Proftpd 1.3.6-rc1 (including) 1.3.6-rc1 (including)
Proftpd-dfsg Ubuntu artful *
Proftpd-dfsg Ubuntu esm-apps/xenial *
Proftpd-dfsg Ubuntu precise *
Proftpd-dfsg Ubuntu trusty *
Proftpd-dfsg Ubuntu upstream *
Proftpd-dfsg Ubuntu wily *
Proftpd-dfsg Ubuntu xenial *
Proftpd-dfsg Ubuntu yakkety *
Proftpd-dfsg Ubuntu zesty *

References