Multiple vulnerabilities in ProFTPD
| Risk | Medium |
| Patch available | YES |
| Number of vulnerabilities | 2 |
| CVE-ID | CVE-2019-19270 CVE-2016-3125 |
| CWE-ID | CWE-295 CWE-254 |
| Exploitation vector | Network |
| Public exploit | N/A |
| Vulnerable software |
ProFTPD Server applications / File servers (FTP/HTTP) Fedora Operating systems & Components / Operating system Opensuse Operating systems & Components / Operating system |
| Vendor |
ProFTPD Fedoraproject SUSE |
Security Bulletin
This security bulletin contains information about 2 vulnerabilities.
1) Improper Certificate Validation
EUVDB-ID: #VU35035
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2019-19270
CWE-ID:
CWE-295 - Improper Certificate Validation
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to manipulate data.
An issue was discovered in tls_verify_crl in ProFTPD through 1.3.6b. Failure to check for the appropriate field of a CRL entry (checking twice for subject, rather than once for subject and once for issuer) prevents some valid CRLs from being taken into account, and can allow clients whose certificates have been revoked to proceed with a connection to the server.
MitigationInstall update from vendor's website.
Vulnerable software versionsProFTPD: 1.3.6
Fedora: 1.3.6 - 31
CPE2.3- cpe:2.3:a:proftpd:proftpd:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:30:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:31:*:*:*:*:*:*:*
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00009.html
http://github.com/proftpd/proftpd/issues/859
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OGBBCPLJSDPFG5EI5P5G7P4KEX7YSD5G/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/QR65XUHPCRU3NXTSFVF2J4GWRIHC7AHW/
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
2) Security Features
EUVDB-ID: #VU40410
Risk: Medium
CVSSv4.0: 6.6 [CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N/E:U/U:Green]
CVE-ID: CVE-2016-3125
CWE-ID:
CWE-254 - Security Features
Exploit availability: No
DescriptionThe vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.
The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
MitigationInstall update from vendor's website.
Vulnerable software versionsProFTPD: 1.3.6
Opensuse: 1.3.6 - 13.1
Fedora: 1.3.6 - 23
CPE2.3- cpe:2.3:a:proftpd:proftpd:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:suse:opensuse:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:1.3.6:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:13.1:*:*:*:*:*:*:*
- cpe:2.3:o:fedoraproject:fedora:22:*:*:*:*:*:*:*
http://bugs.proftpd.org/show_bug.cgi?id=4230
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179109.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179143.html
http://lists.fedoraproject.org/pipermail/package-announce/2016-March/179905.html
http://lists.opensuse.org/opensuse-updates/2016-05/msg00080.html
http://lists.opensuse.org/opensuse-updates/2016-06/msg00045.html
http://proftpd.org/docs/NEWS-1.3.5b
http://proftpd.org/docs/NEWS-1.3.6rc2
http://www.openwall.com/lists/oss-security/2016/03/11/14
http://www.openwall.com/lists/oss-security/2016/03/11/3
Q & A
Can this vulnerability be exploited remotely?
Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.
How the attacker can exploit this vulnerability?
The attacker would have to send a specially crafted request to the affected application in order to exploit this vulnerability.
Is there known malware, which exploits this vulnerability?
No. We are not aware of malware exploiting this vulnerability.
