First published: Mon Sep 18 2023(Updated: )
It was discovered that vsftpd was vulnerable to the ALPACA TLS protocol content confusion attack. A remote attacker could possibly use this issue to redirect traffic from one subdomain to another.
Affected Software | Affected Version | How to fix |
---|---|---|
All of | ||
ubuntu/vsftpd | <3.0.5-0ubuntu0.20.04.1 | 3.0.5-0ubuntu0.20.04.1 |
Ubuntu Ubuntu | =20.04 |
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
The vulnerability ID for this vsftpd vulnerability is USN-6379-1.
The title of this vulnerability is 'USN-6379-1: vsftpd vulnerability'.
This vulnerability in vsftpd is related to the ALPACA TLS protocol content confusion attack, which can allow a remote attacker to redirect traffic from one subdomain to another.
The vsftpd package with a version up to and excluding 3.0.5-0ubuntu0.20.04.1 is affected on Ubuntu Ubuntu 20.04.
To fix this vulnerability, you should update the vsftpd package to version 3.0.5-0ubuntu0.20.04.1 or higher.