Tenable802012.PRMProFTPD 1.3.5a, 1.3.6rc1 Multiple Vulnerabilities
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
77.9%
The specific version of ProFTPD that the system is running is reportedly affected by the following vulnerabilities:
-
ProFTPD contains a flaw that may result in Diffie Hellman key exchanges using 1024 bits instead of the intended 4096 bits. This may result in them being significantly less cryptographically secure. (CVE-2016-3125)
-
ProFTPD contains an out-of-bounds read flaw in the pr_fs_dircat() function in fsio.c that may allow a remote attacker to cause a crash or potentially disclose memory contents.
Binary data 802012.prmReferences
bugs.proftpd.org/show_bug.cgi?id=4230
cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-3125
proftpd.org/docs/RELEASE_NOTES-1.3.5b
seclists.org/oss-sec/2016/q1/601
seclists.org/oss-sec/2016/q1/610
blog.fuzzing-project.org/40-Several-out-of-bounds-reads-in-ProFTPD.html
bugs.debian.org/cgi-bin/bugreport.cgi?bug=818492
security-tracker.debian.org/tracker/CVE-2016-3125
Related
CVSS2
Attack Vector
NETWORK
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS3
Attack Vector
NETWORK
Attack Complexity
LOW
Privileges Required
NONE
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS
Percentile
77.9%