1. CVE-Search
  2. CVE-2016-3125
ID CVE-2016-3125
Summary The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
References
Vulnerable Configurations
  • cpe:2.3:a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*
    cpe:2.3:a:proftpd:proftpd:1.3.0:a:*:*:*:*:*:*
  • cpe:2.3:a:proftpd:proftpd:1.3.2:a:*:*:*:*:*:*
    cpe:2.3:a:proftpd:proftpd:1.3.2:a:*:*:*:*:*:*
  • cpe:2.3:a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*
    cpe:2.3:a:proftpd:proftpd:1.3.3:a:*:*:*:*:*:*
  • cpe:2.3:a:proftpd:proftpd:1.3.4:a:*:*:*:*:*:*
    cpe:2.3:a:proftpd:proftpd:1.3.4:a:*:*:*:*:*:*
  • cpe:2.3:a:proftpd:proftpd:1.3.5:a:*:*:*:*:*:*
    cpe:2.3:a:proftpd:proftpd:1.3.5:a:*:*:*:*:*:*
  • cpe:2.3:a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*
    cpe:2.3:a:proftpd:proftpd:1.3.6:rc1:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:opensuse:13.1:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
  • cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
    cpe:2.3:o:fedoraproject:fedora:23:*:*:*:*:*:*:*
CVSS
Base: 5.0 (as of 30-10-2018 - 16:27)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
VectorComplexityAuthentication
NETWORK LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:N/AC:L/Au:N/C:P/I:N/A:N
refmap via4
confirm
fedora
  • FEDORA-2016-977d57cf2d
  • FEDORA-2016-ac3587be9a
  • FEDORA-2016-f95d8ea3ad
mlist
  • [oss-security] 20160311 ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters
  • [oss-security] 20160311 Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters
suse
  • openSUSE-SU-2016:1334
  • openSUSE-SU-2016:1558
Last major update 30-10-2018 - 16:27
Published 05-04-2016 - 20:59
Last modified 30-10-2018 - 16:27
Back to Top