Description
ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker with access to the victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS, and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Packages
Package | Status | Fixed version | Release | Type |
---|---|---|---|---|
nginx | fixed | 1.20.2-2 | | package |
nginx | fixed | 1.18.0-6.1+deb11u2 | bullseye | package |
nginx | no-dsa | | stretch | package |
vsftpd | fixed | 3.0.5-0.1 | | package |
vsftpd | no-dsa | | bookworm | package |
vsftpd | no-dsa | | bullseye | package |
vsftpd | no-dsa | | buster | package |
vsftpd | no-dsa | | stretch | package |
sendmail | fixed | 8.16.1-1 | experimental | package |
sendmail | fixed | 8.16.1-2 | | package |
sendmail | no-dsa | | bullseye | package |
sendmail | no-dsa | | buster | package |
sendmail | no-dsa | | stretch | package |
Notes
https://bugzilla.redhat.com/show_bug.cgi?id=1975623
https://alpaca-attack.com/
Generic TLS protocol issue, some applications have released mitigations:
nginx: http://hg.nginx.org/nginx/rev/ec1071830799
vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4)
* Close the control connection after 10 unknown commands pre-login.
* Reject any TLS ALPN advertisement that's not 'ftp'.
* Add ssl_sni_hostname option to require a match on incoming SNI hostname.
sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html