FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

proftpd -- vulnerability in mod_tls

Affected packages
proftpd < 1.3.5b
proftpd = 1.3.6.r1

Details

VuXML ID a733b5ca-06eb-11e6-817f-3085a9a4510d
Discovery 2016-03-08
Entry 2016-04-20

MITRE reports:

The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.

References

CVE Name CVE-2016-3125