Design/Logic Flaw

The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

UBUNTU-CVE-2016-3125

The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

CVE-2016-3125

The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

DEBIAN-CVE-2016-3125

The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

CVE-2016-3125

The modtls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman DH key to be used and consequently allow attackers to have unspecified impact via unknown vectors...

nss: Use-after-free in NSS during SSL connections in low memory (MFSA 2016-15)

A use-after-free flaw was found in the way NSS handled DHE Diffie–Hellman key exchange and ECDHE Elliptic Curve Diffie-Hellman key exchange handshake messages. A remote attacker could send a specially crafted handshake message that, when parsed by an application linked against NSS, would cause th...

RHEL 7 : libssh (RHSA-2016:0566)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by a vulnerability as referenced in the RHSA-2016:0566 advisory. libssh is a library which implements the SSH protocol. It can be used to implement client and server applications. Security Fixes: A type confusion...

libssh: bits/bytes confusion resulting in truncated Difffie-Hellman secret length

A type confusion issue was found in the way libssh generated ephemeral secrets for the diffie-hellman-group1 and diffie-hellman-group14 key exchange methods. This would cause an SSHv2 Diffie-Hellman handshake to use significantly less secure random parameters...

Moderate: Red Hat Security Advisory: libssh security update

An update for libssh is now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability...

Updated proftpd packages fix security vulnerability

A bug with security implications was found in the modtls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie Hellman parameters. The software would ignore the user-defined parameters and use Diffie Hellman key exchanges with 1024...

MGASA-2016-0128 Updated proftpd packages fix security vulnerability

A bug with security implications was found in the modtls module in ProFTPD before 1.3.5b. This module has a configuration option TLSDHParamFile to specify user-defined Diffie Hellman parameters. The software would ignore the user-defined parameters and use Diffie Hellman key exchanges with 1024...

HP System Management Homepage < 7.5.4 Multiple Vulnerabilities (Logjam)

According to the web server's banner, the version of HP System Management Homepage SMH hosted on the remote web server is a version prior to 7.5.4. It is, therefore, affected by the following vulnerabilities : - A denial of service vulnerability exists when processing an ECParameters structure du...

The vulnerability of the OpenSSL library, which allows a hacker to obtain the secret key

The vulnerability of the DHcheckpubkey function in the crypto/dh/dhcheck.c file of the OpenSSL library is related to errors in gathering input data for the Diffie-Hellman algorithm. Exploiting this vulnerability could allow a remote attacker to obtain the secret key by repeatedly using the...

SUSE SLED11 / SLES11 Security Update : libssh2_org (SUSE-SU-2016:0723-1)

This update for libssh2org fixes the following issues : - Add SHA256 support for DH group exchange fate320343, bsc961964 - fix CVE-2016-0787 bsc967026 - Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. Note...

openSUSE Security Update : libssh (openSUSE-2016-328)

This update for libssh fixes the following issues : - CVE-2016-0739: Fix Weakness in diffie-hellman secret key generation. bsc965875 This update was imported from the SUSE:SLE-12:Update update project. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in...

DEBIAN-CVE-2016-1978

Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL 1 DHE or 2 ECD...

libssh2 Security Bypass Vulnerability

libssh2 is a client-side C library for implementing the SSH2 protocol. A security vulnerability exists in libssh2 that allows remote attackers to exploit vulnerabilities and cause the SSHv2 Diffie-Hellman handshake to use insecure random parameters...

UBUNTU-CVE-2016-1978

Use-after-free vulnerability in the ssl3HandleECDHServerKeyExchange function in Mozilla Network Security Services NSS before 3.21, as used in Mozilla Firefox before 44.0, allows remote attackers to cause a denial of service or possibly have unspecified other impact by making an SSL 1 DHE or 2 ECD...

SUSE-SU-2016:0718-1 Security update for libssh2_org

This update for libssh2org fixes the following issues: Security issue fixed: - CVE-2016-0787 bsc967026: Weakness in diffie-hellman secret key generation lead to much shorter DH groups then needed, which could be used to retrieve server keys. A feature was added: - Support of SHA256 digests for DH...

OracleVM 3.3 / 3.4 : libssh2 (OVMSA-2016-0035)

The remote OracleVM system is missing necessary patches to address critical security updates : - use secrects of the appropriate length in Diffie-Hellman CVE-2016-0787 - fix basic functionality of libssh2 in FIPS mode 968575 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The package checks ...