CVE-2016-3125
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
CVE-2016-3125
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
Design/Logic Flaw
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
CVE-2016-3125
ProFTPD mod_tls TLSDHParamFile handling flaw (CVE-2016-3125) may cause a weaker DH key to be used. Affected: ProFTPD before 1.3.5b and before 1.3.6rc2. Remediation: upgrade to 1.3.5b+ or 1.3.6rc2+ (or newer) where patched. Notes from openSUSE/SUSE advisories confirm the fix in later releases.
CVE-2016-3125
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
CVE-2016-3125
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
MGASA-2016-0128 Updated proftpd packages fix security vulnerability
A bug with security implications was found in the mod_tls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie-Hellman parameters. The software would ignore the user-defined parameters and use Diffie-Hellman key exchanges with 1024...
Updated proftpd packages fix security vulnerability
A bug with security implications was found in the mod_tls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie-Hellman parameters. The software would ignore the user-defined parameters and use Diffie-Hellman key exchanges with 1024...
Fedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)
Cumulative maintenance release from upstream. Highlights are: SSH RSA hostkeys smaller than 2048 bits now work properly. MLSD response lines are now properly CRLF terminated. Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenabl...
[SECURITY] Fedora 24 Update: proftpd-1.3.5b-1.fc24
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
[SECURITY] Fedora 23 Update: proftpd-1.3.5b-1.fc23
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
Fedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)
Cumulative maintenance release from upstream. Highlights are: SSH RSA hostkeys smaller than 2048 bits now work properly. MLSD response lines are now properly CRLF terminated. Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenab...
Fedora Update for proftpd FEDORA-2016-977
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
Fedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)
Cumulative maintenance release from upstream. Highlights are: SSH RSA hostkeys smaller than 2048 bits now work properly. MLSD response lines are now properly CRLF terminated. Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenab...
[SECURITY] Fedora 22 Update: proftpd-1.3.5b-1.fc22
ProFTPD is an enhanced FTP server with a focus toward simplicity, security, and ease of configuration. It features a very Apache-like configuration syntax, and a highly customizable server infrastructure, including support for multiple 'virtual' FTP servers, anonymous FTP, and permission-based...
proftpd -- vulnerability in mod_tls
MITRE reports: The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors...
Fedora 22 : proftpd-1.3.5a-5.fc22 (2015-97055df8a0)
Part of the SFTP handshake involves 'extensions', which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length limitations when reading these SFTP extension...
Updated proftpd packages fix security vulnerabilities
Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length...
MGASA-2015-0485 Updated proftpd packages fix security vulnerabilities
Updated proftpd packages fix security vulnerability: Part of the SFTP handshake involves "extensions", which are key/value pairs, comprised of strings. In SSH, strings are encoded for network transport as a 32-bit length, followed by the bytes. The mod_sftp module currently places no bounds/length...
ProFTPD denial-of-service vulnerability
No description provided by source...