The mod_tls module in ProFTPD before 1.3.5b and 1.3.6 before 1.3.6rc2 does not properly handle the TLSDHParamFile directive, which might cause a weaker than intended Diffie-Hellman (DH) key to be used and consequently allow attackers to have unspecified impact via unknown vectors.
{ "binaries": [ { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-basic" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-dev" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-mod-geoip" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-mod-ldap" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-mod-mysql" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-mod-odbc" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-mod-pgsql" }, { "binary_version": "1.3.5a-1ubuntu0.1", "binary_name": "proftpd-mod-sqlite" } ] }