CVE-2021-3618
Published: 23 March 2022
ALPACA is an application layer protocol content confusion attack that exploits TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker with access to the victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS, and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Notes
Author | Note |
---|---|
mdeslaur | the mail proxy mechanisms aren't included in nginx.conf by default |
Priority
Status
Package | Release | Status |
---|---|---|
nginx | lunar | Not vulnerable (1.22.0-1ubuntu1) |
nginx | upstream | Released (1.21.0) |
nginx | bionic | Released (1.14.0-0ubuntu1.10) |
nginx | focal | Released (1.18.0-0ubuntu1.3) |
nginx | trusty | Needed |
nginx | xenial | Released (1.10.3-0ubuntu0.16.04.5+esm3), available with Ubuntu Pro or Ubuntu Pro (Infra-only) |
nginx | impish | Released (1.18.0-6ubuntu11.1) |
nginx | hirsute | Ignored (end of life) |
nginx | kinetic | Ignored (end of life, was needed) |
nginx | jammy | Released (1.18.0-6ubuntu14.1) |
nginx | Patches | upstream: http://hg.nginx.org/nginx/rev/ec1071830799 |
sendmail | impish | Ignored (end of life) |
sendmail | jammy | Needed |
sendmail | lunar | Not vulnerable (8.17.1.9-1) |
sendmail | hirsute | Ignored (end of life) |
sendmail | bionic | Needed |
sendmail | focal | Needed |
sendmail | trusty | Needed |
sendmail | upstream | Released (8.16.1-1) |
sendmail | kinetic | Ignored (end of life, was needed) |
sendmail | xenial | Needs triage |
vsftpd | kinetic | Not vulnerable (3.0.5-0ubuntu1) |
vsftpd | lunar | Not vulnerable (3.0.5-0ubuntu1) |
vsftpd | upstream | Released (3.0.4) |
vsftpd | impish | Ignored (end of life) |
vsftpd | hirsute | Ignored (end of life) |
vsftpd | bionic | Needed |
vsftpd | trusty | Needed |
vsftpd | xenial | Needed |
vsftpd | focal | Released (3.0.5-0ubuntu0.20.04.1) |
vsftpd | jammy | Not vulnerable (3.0.5-0ubuntu1) |
Severity score breakdown
Parameter | Value |
---|---|
Base score | 7.4 |
Attack vector | Network |
Attack complexity | High |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | None |
Vector | CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:N |
References
- https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3618
- https://security.appspot.com/vsftpd/Changelog.txt
- https://alpaca-attack.com/
- https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
- https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
- https://ubuntu.com/security/notices/USN-5371-1
- https://ubuntu.com/security/notices/USN-5371-2
- https://ubuntu.com/security/notices/USN-6379-1
- NVD
- Launchpad
- Debian