oss-sec mailing list archives
Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters
From: cve-assign () mitre org
Date: Fri, 11 Mar 2016 11:49:48 -0500 (EST)
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256
The ProFTPD daemon supports TLS encrypted connections via the mod_tls module. This module has a configuration option TLSDHParamFile to specify user-defined Diffie Hellman parameters. Versions older than 1.3.5b / 1.3.6rc2 had a bug that would cause the software to ignore the parameters and use Diffie Hellman key exchanges with 1024 bit: http://bugs.proftpd.org/show_bug.cgi?id=4230 As 1024 bit DH is considered dangerously small these days and breakable by a powerful attacker I think this should be considered a security vulnerability.
https://github.com/proftpd/proftpd/pull/226
This logic should hopefully address the bug, where the principle of least surprise was violated because a DH (4096 bits), larger than the configured server cert (of 2048 bits), was not selected.
Use CVE-2016-3125. This CVE is for the "principle of least surprise" violation in which the administrator configured a security-relevant setting to one value, but the product's behavior used a potentially worse value. This CVE is not specifically about whether 1024 is "dangerous" or about whether 1024 should be configurable at all.
The release notes[1] are confusing, as they mention only problems with keys smaller than 2048 bit, but I was also able to reproduce this issue with 4096 bit keys. [1] http://proftpd.org/docs/RELEASE_NOTES-1.3.5b
We are not sure why this would be confusing. "SSH RSA hostkeys smaller than 2048 bits now work properly" in those release notes corresponds to an entirely different issue, described at: http://bugs.proftpd.org/show_bug.cgi?id=4097 https://forums.proftpd.org/smf/index.php/topic,11579.0.html This 2048-bit issue does not have a CVE ID. Very roughly, the 2048-bit issue seems to be about "it is possible for the administrator to configure the product so that it is easier for a client to cause a DoS to that client's own session." The CVE-2016-3125 issue corresponds only to the third 1.3.5b item, i.e., "Fixed selection of DH groups from TLSDHParamFile." - -- CVE Assignment Team M/S M300, 202 Burlington Road, Bedford, MA 01730 USA [ A PGP key is available for encrypted communications at http://cve.mitre.org/cve/request_id.html ] -----BEGIN PGP SIGNATURE----- Version: GnuPG v1 iQIcBAEBCAAGBQJW4vYgAAoJEL54rhJi8gl5IIQP/2ccSsJoIyFt59U4UhjPrko6 V+9Lr8l67O0Dx46ByJmeK3eUalk2R80QWT92O3b2aGPyjE/uqllrFFxRrPmj9ReX rhd8RDjEq7hW90ODCAeLfsct7a25/Sb8DSFFrb0Qy1DvrFSloCLAaG3cV6ud1sFr 3mF2xMxlprCRijlQk40Je74BHuCptgwdo9rx4SbTx5oZAvaD1svCqKQ6D6sZv05E EVCWdFO24e2vdulagtRPtv57gLWKMdgbV5lrmXTrudUNhmoiyN5bfSRQgOizu0g7 B+1U3s5gjNNbChEO0HRZs90QZKUZcBsRhiijT6J8289LqAOYFNXjrjdciia1fD6p WNARS69UWDSGkJV8PL/ZNDt21mnnwoqgwvWAx39abFaKgomjhdjoiQHWO0AibAKl 6v/CCnSGPf84VWV/dEK3r2H8Zu3/C4AoSPJPKT48dCGIj70uVsxOv26ueOsGazBj nC9hHcDv39s6YXfTFsW3eAdM9eHjpxHVr8RSdTwqOWNdVAh3wHO7H/NHxjgMn2Sd bKGU1FTvQ/InTn8AzXZlzCkS0l3qQBZMPRPSOVJLgw+GsO/5qKvgfzXbE3cHIgN+ YJDQAkklpvjcK2vg2NE9BH4a70q9oGMyGEo7SSIOAuWtFRIRn0m1+pfZ73/hXYE4 lJDpyWFeYDFTV0CnDDqh =ErAX -----END PGP SIGNATURE-----
Current thread:
- ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters Hanno Böck (Mar 11)
- Re: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman parameters for TLS even if user sets manual parameters cve-assign (Mar 11)