Logo
vuln-group

USN-6379-1

USN-6379-1: vsftpd vulnerability

First published: Mon Sep 18 2023

Last modified: Mon Sep 18 2023

It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect traffic from one subdomain to another.

Any of

  • All of

    • ubuntu/vsftpd
      <3.0.5-0ubuntu0.20.04.1
      fixed in: 3.0.5-0ubuntu0.20.04.1
    • Ubuntu Ubuntu
      20.04

FAQ

  • What is the vulnerability ID for this vsftpd vulnerability?

    The vulnerability ID for this vsftpd vulnerability is USN-6379-1.

  • What is the title of this vulnerability?

    The title of this vulnerability is 'USN-6379-1: vsftpd vulnerability'.

  • What is the description of this vulnerability?

    This vulnerability in vsftpd is related to the ALPACA TLS protocol content confusion attack, which can allow a remote attacker to redirect traffic from one subdomain to another.

  • Which software is affected by this vulnerability?

    The vsftpd package with a version up to and excluding 3.0.5-0ubuntu0.20.04.1 is affected on Ubuntu Ubuntu 20.04.

  • How can I fix this vulnerability?

    To fix this vulnerability, you should update the vsftpd package to version 3.0.5-0ubuntu0.20.04.1 or higher.

Reference Links

Child vulnerabilities

SecAlerts Pty Ltd.
Fortitude Valley,
QLD 4006, Australia

Navigation

© Copyright 2023 - ABN: 70 645 966 203, ACN: 645 966 203