Vulnerabilities > CVE-2016-3125 - 7PK - Security Features vulnerability in multiple products

047910
CVSS 7.5 - HIGH
Attack vector
NETWORK
Attack complexity
LOW
Privileges required
NONE
Confidentiality impact
HIGH
Integrity impact
NONE
Availability impact
NONE
network
low complexity
proftpd
opensuse
fedoraproject
CWE-254
nessus

Summary

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

Common Weakness Enumeration (CWE)

Nessus

  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-603.NASL
    descriptionThis proftpd update to version 1.3.5b fixes the following issues : Security issues fixed : - CVE-2016-3125: Fixed selection of DH groups from TLSDHParamFile. (boo#970890) Bugs fixed : - update to 1.3.5b: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b - SSH RSA hostkeys smaller than 2048 bits now work properly. - MLSD response lines are now properly CRLF terminated.
    last seen2020-06-05
    modified2016-05-20
    plugin id91273
    published2016-05-20
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91273
    titleopenSUSE Security Update : proftpd (openSUSE-2016-603)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-603.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91273);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3125");
    
      script_name(english:"openSUSE Security Update : proftpd (openSUSE-2016-603)");
      script_summary(english:"Check for the openSUSE-2016-603 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "This proftpd update to version 1.3.5b fixes the following issues :
    
    Security issues fixed :
    
      - CVE-2016-3125: Fixed selection of DH groups from
        TLSDHParamFile. (boo#970890)
    
    Bugs fixed :
    
      - update to 1.3.5b:
        http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b
    
      - SSH RSA hostkeys smaller than 2048 bits now work
        properly.
    
      - MLSD response lines are now properly CRLF terminated."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=970890"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected proftpd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/05/18");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/20");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-debuginfo-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-debugsource-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-devel-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-lang-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-ldap-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-ldap-debuginfo-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-mysql-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-mysql-debuginfo-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-pgsql-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-pgsql-debuginfo-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-radius-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-radius-debuginfo-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-sqlite-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE13.2", reference:"proftpd-sqlite-debuginfo-1.3.5b-6.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-debuginfo-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-debugsource-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-devel-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-lang-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-ldap-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-ldap-debuginfo-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-mysql-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-mysql-debuginfo-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-pgsql-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-pgsql-debuginfo-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-radius-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-radius-debuginfo-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-sqlite-1.3.5b-4.1") ) flag++;
    if ( rpm_check(release:"SUSE42.1", reference:"proftpd-sqlite-debuginfo-1.3.5b-4.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-977D57CF2D.NASL
    descriptionCumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-21
    plugin id90042
    published2016-03-21
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90042
    titleFedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-977d57cf2d.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90042);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3125");
      script_xref(name:"FEDORA", value:"2016-977d57cf2d");
    
      script_name(english:"Fedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Cumulative maintenance release from upstream. Highlights are: * SSH
    RSA hostkeys smaller than 2048 bits now work properly. * MLSD response
    lines are now properly CRLF terminated. * Fixed selection of DH groups
    from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also
    included.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317420"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?e0f798f7"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected proftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC23", reference:"proftpd-1.3.5b-1.fc23")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-AC3587BE9A.NASL
    descriptionCumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125) Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-28
    plugin id90222
    published2016-03-28
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90222
    titleFedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-ac3587be9a.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90222);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3125");
      script_xref(name:"FEDORA", value:"2016-ac3587be9a");
    
      script_name(english:"Fedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Cumulative maintenance release from upstream. Highlights are: * SSH
    RSA hostkeys smaller than 2048 bits now work properly. * MLSD response
    lines are now properly CRLF terminated. * Fixed selection of DH groups
    from TLSDHParamFile (CVE-2016-3125) Various other bug fixes are also
    included.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317420"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9f62694d"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected proftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/28");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC24", reference:"proftpd-1.3.5b-1.fc24")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
    }
    
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2016-F95D8EA3AD.NASL
    descriptionCumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-05
    modified2016-03-21
    plugin id90046
    published2016-03-21
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/90046
    titleFedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2016-f95d8ea3ad.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(90046);
      script_version("2.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3125");
      script_xref(name:"FEDORA", value:"2016-f95d8ea3ad");
    
      script_name(english:"Fedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Cumulative maintenance release from upstream. Highlights are: * SSH
    RSA hostkeys smaller than 2048 bits now work properly. * MLSD response
    lines are now properly CRLF terminated. * Fixed selection of DH groups
    from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also
    included.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317420"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?9695eb0f"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected proftpd package."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/03/20");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/21");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC22", reference:"proftpd-1.3.5b-1.fc22")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idOPENSUSE-2016-713.NASL
    descriptionproftpd was updated to fix one security issue. This security issue was fixed : - CVE-2016-3125: The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. Aliased: (boo#970890).
    last seen2020-06-05
    modified2016-06-14
    plugin id91588
    published2016-06-14
    reporterThis script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/91588
    titleopenSUSE Security Update : proftpd (openSUSE-2016-713)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from openSUSE Security Update openSUSE-2016-713.
    #
    # The text description of this plugin is (C) SUSE LLC.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(91588);
      script_version("2.4");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2016-3125");
    
      script_name(english:"openSUSE Security Update : proftpd (openSUSE-2016-713)");
      script_summary(english:"Check for the openSUSE-2016-713 patch");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote openSUSE host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "proftpd was updated to fix one security issue.
    
    This security issue was fixed :
    
      - CVE-2016-3125: The mod_tls module in ProFTPD before
        1.3.5b and 1.3.6 before 1.3.6rc2 does not properly
        handle the TLSDHParamFile directive, which might cause a
        weaker than intended Diffie-Hellman (DH) key to be used
        and consequently allow attackers to have unspecified
        impact via unknown vectors. Aliased: (boo#970890)."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.opensuse.org/show_bug.cgi?id=970890"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected proftpd packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
      script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debugsource");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-devel");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-lang");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2016/06/11");
      script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/14");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/SuSE/release");
    if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
    if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
    if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    ourarch = get_kb_item("Host/cpu");
    if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
    if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);
    
    flag = 0;
    
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-debuginfo-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-debugsource-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-devel-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-lang-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-ldap-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-ldap-debuginfo-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-mysql-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-mysql-debuginfo-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-pgsql-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-pgsql-debuginfo-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-radius-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-radius-debuginfo-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-sqlite-1.3.5b-10.1") ) flag++;
    if ( rpm_check(release:"SUSE13.1", reference:"proftpd-sqlite-debuginfo-1.3.5b-10.1") ) flag++;
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc");
    }
    
  • NASL familyFreeBSD Local Security Checks
    NASL idFREEBSD_PKG_A733B5CA06EB11E6817F3085A9A4510D.NASL
    descriptionMITRE reports : The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
    last seen2020-06-01
    modified2020-06-02
    plugin id90607
    published2016-04-21
    reporterThis script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/90607
    titleFreeBSD : proftpd -- vulnerability in mod_tls (a733b5ca-06eb-11e6-817f-3085a9a4510d)
  • NASL familyFTP
    NASL idPROFTPD_1_3_6_RC2.NASL
    descriptionThe remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the mod_tls module, which might cause a weaker than intended Diffie-Hellman key to be used.
    last seen2020-06-01
    modified2020-06-02
    plugin id106755
    published2018-02-12
    reporterThis script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/106755
    titleProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key