漏洞类别:File Transfer Protocol
漏洞等级: 
漏洞信息
ProFTPD is an open source FTP server compatible with Unix-like systems and Windows (via Cygwin). It is among one of the most popular FTP servers used today for Unix-like systems.
Diffie Hellman is an algorithm used to derive shared secrets between two parties. It is used symmetric cryptographic key exchanges for many algorithms such as AES etc.
ProFTPD versions prior to 1.3.5b and 1.3.6rc2 do not handle the TLSDHParamFile directive in the mod_tls module properly.
漏洞危害
The improper handling of the TLSDHParamFile directive can lead to weaker Diffie-Hellman key exchanges than intended. This vulnerability can subsequently allow the attacker impact the service via unknown vectors.
解决方案
0day
文章评论