oss-sec mailing list archives

Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters


From: cve-assign () mitre org
Date: Fri, 11 Mar 2016 11:49:48 -0500 (EST)

> The ProFTPD daemon supports TLS encrypted connections via the mod_tls
> module. This module has a configuration option
> TLSDHParamFile
> to specify user-defined Diffie Hellman parameters.
>
> Versions older than 1.3.5b / 1.3.6rc2 had a bug that would cause the
> software to ignore the parameters and use Diffie Hellman key exchanges
> with 1024 bit:
> http://bugs.proftpd.org/show_bug.cgi?id=4230
>
> As 1024 bit DH is considered dangerously small these days and breakable
> by a powerful attacker I think this should be considered a security
> vulnerability.

> https://github.com/proftpd/proftpd/pull/226
>
> This logic should hopefully address the bug, where the principle of
> least surprise was violated because a DH (4096 bits), larger than the
> configured server cert (of 2048 bits), was not selected.

Use CVE-2016-3125. This CVE is for the "principle of least surprise"
violation in which the administrator configured a security-relevant
setting to one value, but the product's behavior used a potentially
worse value. This CVE is not specifically about whether 1024 is
"dangerous" or about whether 1024 should be configurable at all.


> The release notes[1] are confusing, as they mention only problems with
> keys smaller than 2048 bit, but I was also able to reproduce this issue
> with 4096 bit keys.
> [1] http://proftpd.org/docs/RELEASE_NOTES-1.3.5b

We are not sure why this would be confusing.

"SSH RSA hostkeys smaller than 2048 bits now work properly" in those
release notes corresponds to an entirely different issue, described
at:

  http://bugs.proftpd.org/show_bug.cgi?id=4097
  https://forums.proftpd.org/smf/index.php/topic,11579.0.html

This 2048-bit issue does not have a CVE ID. Very roughly, the 2048-bit
issue seems to be about "it is possible for the administrator to
configure the product so that it is easier for a client to cause a DoS
to that client's own session."

The CVE-2016-3125 issue corresponds only to the third 1.3.5b item,
i.e., "Fixed selection of DH groups from TLSDHParamFile."

-- 
CVE Assignment Team
M/S M300, 202 Burlington Road, Bedford, MA 01730 USA
[ A PGP key is available for encrypted communications at
  http://cve.mitre.org/cve/request_id.html ]
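
A check for the condition this message describes, as an added example (not ProFTPD's or MITRE's code): it compares the DH size in the file given to TLSDHParamFile with the size `openssl s_client` reports for the server's ephemeral key. It assumes the file holds a single parameter set; the host name, file name and sample outputs are constructed placeholders.

```shell
#!/usr/bin/env bash
# Added example: does the server negotiate the DH size the admin configured?
# Live inputs would come from (host and file names are placeholders):
#   openssl dhparam -in dhparams.pem -noout -text
#   openssl s_client -connect ftp.example.org:21 -starttls ftp -tls1_2 -cipher DHE </dev/null

# Bit length from `openssl dhparam -text` output, e.g. "DH Parameters: (2048 bit)".
configured_dh_bits() {
  sed -n 's/.*DH Parameters: (\([0-9][0-9]*\) bit).*/\1/p' | head -n 1
}

# Bit length from the s_client line "Server Temp Key: DH, 1024 bits".
# Prints nothing when the handshake used ECDHE or no ephemeral key at all.
negotiated_dh_bits() {
  sed -n 's/.*Temp Key: DH, \([0-9][0-9]*\) bits.*/\1/p' | head -n 1
}

# compare_dh CONFIGURED NEGOTIATED -> prints a verdict, returns 0 only on a match.
compare_dh() {
  if [ -z "$1" ]; then echo "NO_PARAMS"; return 2; fi
  if [ -z "$2" ]; then echo "NO_DHE"; return 2; fi
  if [ "$1" -eq "$2" ]; then echo "MATCH"; return 0; fi
  echo "MISMATCH configured=$1 negotiated=$2"; return 1
}

# Constructed sample outputs (not captured from a real server).
SAMPLE_DHPARAM='    DH Parameters: (2048 bit)
        prime:
            00:aa:bb:cc
        generator: 2 (0x2)'
SAMPLE_AFFECTED='---
No client certificate CA names sent
Server Temp Key: DH, 1024 bits
---'
SAMPLE_FIXED='Server Temp Key: DH, 2048 bits'
SAMPLE_ECDHE='Server Temp Key: ECDH, P-256, 256 bits'

want=$(printf '%s\n' "$SAMPLE_DHPARAM" | configured_dh_bits)
for out in "$SAMPLE_AFFECTED" "$SAMPLE_FIXED" "$SAMPLE_ECDHE"; do
  got=$(printf '%s\n' "$out" | negotiated_dh_bits)
  compare_dh "$want" "$got" || true
done
```

A `NO_DHE` verdict means the handshake did not use finite-field DH, so the configured parameters were not exercised and the comparison says nothing either way.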
