Follow @Openwall on Twitter for new release announcements and other news
[<prev] [next>] [thread-next>] [day] [month] [year] [list]
Date: Fri, 11 Mar 2016 11:09:54 +0100
From: Hanno Böck <hanno@...eck.de>
To: oss-security@...ts.openwall.com, cve-assign@...re.org
Subject: ProFTPD before 1.3.5b/1.3.6rc2 uses 1024 bit Diffie Hellman
 parameters for TLS even if user sets manual parameters

Hi,

The ProFTPD daemon supports TLS encrypted connections via the mod_tls
module. This module has a configuration option
TLSDHParamFile
to specify user-defined Diffie Hellman parameters.

Versions older than 1.3.5b / 1.3.6rc2 had a bug that would cause the
software to ignore the parameters and use Diffie Hellman key exchanges
with 1024 bit:
http://bugs.proftpd.org/show_bug.cgi?id=4230

The release notes[1] are confusing, as they mention only problems with
keys smaller than 2048 bit, but I was also able to reproduce this issue
with 4096 bit keys. But anyway, it is fixed in the latest versions for
all key sizes I have tested.

As 1024 bit DH is considered dangerously small these days and breakable
by a powerful attacker I think this should be considered a security
vulnerability.

[1] http://proftpd.org/docs/RELEASE_NOTES-1.3.5b

-- 
Hanno Böck
https://hboeck.de/

mail/jabber: hanno@...eck.de
GPG: BBB51E42

Content of type "application/pgp-signature" skipped

Powered by blists - more mailing lists

Please check out the Open Source Software Security Wiki, which is counterpart to this mailing list.

Confused about mailing lists and their use? Read about mailing lists on Wikipedia and check out these guidelines on proper formatting of your messages.