CVE-2016-3125 - Cryptographic Issues vulnerability in multiple products
Attack vector | Attack complexity | Privileges required | Confidentiality impact | Integrity impact | Availability impact |
---|---|---|---|---|---|
NETWORK | LOW | NONE | PARTIAL | NONE | NONE |

Summary
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
Vulnerable Configurations
Part | Description | Count |
---|---|---|
Application | | 6 |
OS | | 1 |
OS | | 2 |

Common Weakness Enumeration (CWE)
Common Attack Pattern Enumeration and Classification (CAPEC)
- Signature Spoofing by Key Recreation: An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Nessus
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2016-603.NASL
- description: This proftpd update to version 1.3.5b fixes the following issues : Security issues fixed : - CVE-2016-3125: Fixed selection of DH groups from TLSDHParamFile. (boo#970890) Bugs fixed : - update to 1.3.5b: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b - SSH RSA hostkeys smaller than 2048 bits now work properly. - MLSD response lines are now properly CRLF terminated.
- last seen: 2020-06-05
- modified: 2016-05-20
- plugin id: 91273
- published: 2016-05-20
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/91273
- title: openSUSE Security Update : proftpd (openSUSE-2016-603)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-603.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(91273);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-3125");

  script_name(english:"openSUSE Security Update : proftpd (openSUSE-2016-603)");
  script_summary(english:"Check for the openSUSE-2016-603 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");
  script_set_attribute(
    attribute:"description",
    value:"This proftpd update to version 1.3.5b fixes the following issues : Security issues fixed : - CVE-2016-3125: Fixed selection of DH groups from TLSDHParamFile. (boo#970890) Bugs fixed : - update to 1.3.5b: http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b - SSH RSA hostkeys smaller than 2048 bits now work properly. - MLSD response lines are now properly CRLF terminated."
  );
  script_set_attribute(attribute:"see_also", value:"http://www.proftpd.org/docs/RELEASE_NOTES-1.3.5b");
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=970890");
  script_set_attribute(attribute:"solution", value:"Update the affected proftpd packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.2");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:42.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/05/18");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/05/20");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.2|SUSE42\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.2 / 42.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.2", reference:"proftpd-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-debuginfo-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-debugsource-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-devel-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-lang-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-ldap-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-ldap-debuginfo-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-mysql-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-mysql-debuginfo-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-pgsql-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-pgsql-debuginfo-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-radius-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-radius-debuginfo-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-sqlite-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE13.2", reference:"proftpd-sqlite-debuginfo-1.3.5b-6.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-debuginfo-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-debugsource-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-devel-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-lang-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-ldap-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-ldap-debuginfo-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-mysql-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-mysql-debuginfo-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-pgsql-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-pgsql-debuginfo-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-radius-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-radius-debuginfo-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-sqlite-1.3.5b-4.1") ) flag++;
if ( rpm_check(release:"SUSE42.1", reference:"proftpd-sqlite-debuginfo-1.3.5b-4.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc");
}
```
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-977D57CF2D.NASL
- description: Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2016-03-21
- plugin id: 90042
- published: 2016-03-21
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/90042
- title: Fedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-977d57cf2d.
#

include("compat.inc");

if (description)
{
  script_id(90042);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-3125");
  script_xref(name:"FEDORA", value:"2016-977d57cf2d");

  script_name(english:"Fedora 23 : proftpd-1.3.5b-1.fc23 (2016-977d57cf2d)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(
    attribute:"description",
    value:"Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317420");
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?e0f798f7");
  script_set_attribute(attribute:"solution", value:"Update the affected proftpd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:23");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^23([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 23.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC23", reference:"proftpd-1.3.5b-1.fc23")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
}
```
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-AC3587BE9A.NASL
- description: Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125) Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2016-03-28
- plugin id: 90222
- published: 2016-03-28
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/90222
- title: Fedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-ac3587be9a.
#

include("compat.inc");

if (description)
{
  script_id(90222);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-3125");
  script_xref(name:"FEDORA", value:"2016-ac3587be9a");

  script_name(english:"Fedora 24 : proftpd-1.3.5b-1.fc24 (2016-ac3587be9a)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(
    attribute:"description",
    value:"Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125) Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317420");
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9f62694d");
  script_set_attribute(attribute:"solution", value:"Update the affected proftpd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:24");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/26");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/28");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^24([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 24.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC24", reference:"proftpd-1.3.5b-1.fc24")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
}
```
- NASL family: Fedora Local Security Checks
- NASL id: FEDORA_2016-F95D8EA3AD.NASL
- description: Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
- last seen: 2020-06-05
- modified: 2016-03-21
- plugin id: 90046
- published: 2016-03-21
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/90046
- title: Fedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from Fedora Security Advisory 2016-f95d8ea3ad.
#

include("compat.inc");

if (description)
{
  script_id(90046);
  script_version("2.5");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-3125");
  script_xref(name:"FEDORA", value:"2016-f95d8ea3ad");

  script_name(english:"Fedora 22 : proftpd-1.3.5b-1.fc22 (2016-f95d8ea3ad)");
  script_summary(english:"Checks rpm output for the updated package.");

  script_set_attribute(attribute:"synopsis", value:"The remote Fedora host is missing a security update.");
  script_set_attribute(
    attribute:"description",
    value:"Cumulative maintenance release from upstream. Highlights are: * SSH RSA hostkeys smaller than 2048 bits now work properly. * MLSD response lines are now properly CRLF terminated. * Fixed selection of DH groups from TLSDHParamFile (CVE-2016-3125). Various other bug fixes are also included. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.redhat.com/show_bug.cgi?id=1317420");
  # https://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html
  script_set_attribute(attribute:"see_also", value:"http://www.nessus.org/u?9695eb0f");
  script_set_attribute(attribute:"solution", value:"Update the affected proftpd package.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:proftpd");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:22");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/03/20");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/03/21");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"Fedora Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/RedHat/release");
if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
os_ver = os_ver[1];
if (! ereg(pattern:"^22([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 22.x", "Fedora " + os_ver);

if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

cpu = get_kb_item("Host/cpu");
if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);

flag = 0;
if (rpm_check(release:"FC22", reference:"proftpd-1.3.5b-1.fc22")) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd");
}
```
- NASL family: SuSE Local Security Checks
- NASL id: OPENSUSE-2016-713.NASL
- description: proftpd was updated to fix one security issue. This security issue was fixed : - CVE-2016-3125: The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. Aliased: (boo#970890).
- last seen: 2020-06-05
- modified: 2016-06-14
- plugin id: 91588
- published: 2016-06-14
- reporter: This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.
- source: https://www.tenable.com/plugins/nessus/91588
- title: openSUSE Security Update : proftpd (openSUSE-2016-713)
- code:

```nasl
#%NASL_MIN_LEVEL 80502
#
# (C) Tenable Network Security, Inc.
#
# The descriptive text and package checks in this plugin were
# extracted from openSUSE Security Update openSUSE-2016-713.
#
# The text description of this plugin is (C) SUSE LLC.
#

include("compat.inc");

if (description)
{
  script_id(91588);
  script_version("2.4");
  script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");

  script_cve_id("CVE-2016-3125");

  script_name(english:"openSUSE Security Update : proftpd (openSUSE-2016-713)");
  script_summary(english:"Check for the openSUSE-2016-713 patch");

  script_set_attribute(attribute:"synopsis", value:"The remote openSUSE host is missing a security update.");
  script_set_attribute(
    attribute:"description",
    value:"proftpd was updated to fix one security issue. This security issue was fixed : - CVE-2016-3125: The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors. Aliased: (boo#970890)."
  );
  script_set_attribute(attribute:"see_also", value:"https://bugzilla.opensuse.org/show_bug.cgi?id=970890");
  script_set_attribute(attribute:"solution", value:"Update the affected proftpd packages.");
  script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
  script_set_cvss3_base_vector("CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N");

  script_set_attribute(attribute:"plugin_type", value:"local");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-debugsource");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-devel");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-lang");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-ldap-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-mysql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-pgsql-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-radius-debuginfo");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite");
  script_set_attribute(attribute:"cpe", value:"p-cpe:/a:novell:opensuse:proftpd-sqlite-debuginfo");
  script_set_attribute(attribute:"cpe", value:"cpe:/o:novell:opensuse:13.1");

  script_set_attribute(attribute:"patch_publication_date", value:"2016/06/11");
  script_set_attribute(attribute:"plugin_publication_date", value:"2016/06/14");
  script_end_attributes();

  script_category(ACT_GATHER_INFO);
  script_copyright(english:"This script is Copyright (C) 2016-2020 Tenable Network Security, Inc.");
  script_family(english:"SuSE Local Security Checks");

  script_dependencies("ssh_get_info.nasl");
  script_require_keys("Host/local_checks_enabled", "Host/SuSE/release", "Host/SuSE/rpm-list", "Host/cpu");

  exit(0);
}

include("audit.inc");
include("global_settings.inc");
include("rpm.inc");

if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
release = get_kb_item("Host/SuSE/release");
if (isnull(release) || release =~ "^(SLED|SLES)") audit(AUDIT_OS_NOT, "openSUSE");
if (release !~ "^(SUSE13\.1)$") audit(AUDIT_OS_RELEASE_NOT, "openSUSE", "13.1", release);
if (!get_kb_item("Host/SuSE/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);

ourarch = get_kb_item("Host/cpu");
if (!ourarch) audit(AUDIT_UNKNOWN_ARCH);
if (ourarch !~ "^(i586|i686|x86_64)$") audit(AUDIT_ARCH_NOT, "i586 / i686 / x86_64", ourarch);

flag = 0;

if ( rpm_check(release:"SUSE13.1", reference:"proftpd-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-debuginfo-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-debugsource-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-devel-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-lang-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-ldap-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-ldap-debuginfo-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-mysql-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-mysql-debuginfo-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-pgsql-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-pgsql-debuginfo-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-radius-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-radius-debuginfo-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-sqlite-1.3.5b-10.1") ) flag++;
if ( rpm_check(release:"SUSE13.1", reference:"proftpd-sqlite-debuginfo-1.3.5b-10.1") ) flag++;

if (flag)
{
  if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
  else security_warning(0);
  exit(0);
}
else
{
  tested = pkg_tests_get();
  if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
  else audit(AUDIT_PACKAGE_NOT_INSTALLED, "proftpd / proftpd-debuginfo / proftpd-debugsource / proftpd-devel / etc");
}
```
- NASL family: FreeBSD Local Security Checks
- NASL id: FREEBSD_PKG_A733B5CA06EB11E6817F3085A9A4510D.NASL
- description: MITRE reports : The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 90607
- published: 2016-04-21
- reporter: This script is Copyright (C) 2016-2018 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/90607
- title: FreeBSD : proftpd -- vulnerability in mod_tls (a733b5ca-06eb-11e6-817f-3085a9a4510d)

- NASL family: FTP
- NASL id: PROFTPD_1_3_6_RC2.NASL
- description: The remote host is using ProFTPD, a free FTP server for Unix and Linux. According to its banner, the version of ProFTPD installed on the remote host is prior to 1.3.5b or 1.3.6x prior to 1.3.6rc2 and is affected by an issue in the mod_tls module, which might cause a weaker than intended Diffie-Hellman key to be used.
- last seen: 2020-06-01
- modified: 2020-06-02
- plugin id: 106755
- published: 2018-02-12
- reporter: This script is Copyright (C) 2018-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
- source: https://www.tenable.com/plugins/nessus/106755
- title: ProFTPD < 1.3.5b / 1.3.6x < 1.3.6rc2 weak Diffie-Hellman key

References
- http://bugs.proftpd.org/show_bug.cgi?id=4230
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html
- http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html
- http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html
- http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html
- http://proftpd.org/docs/NEWS-1.3.5b
- http://proftpd.org/docs/NEWS-1.3.6rc2
- http://www.openwall.com/lists/oss-security/2016/03/11/14
- http://www.openwall.com/lists/oss-security/2016/03/11/3