CVE-2021-3618

Name	CVE-2021-3618
Description	ALPACA is an application layer protocol content confusion attack, exploiting TLS servers implementing different protocols but using compatible certificates, such as multi-domain or wildcard certificates. A MiTM attacker having access to victim's traffic at the TCP/IP layer can redirect traffic from one subdomain to another, resulting in a valid TLS session. This breaks the authentication of TLS and cross-protocol attacks may be possible where the behavior of one protocol service may compromise the other at the application layer.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)
References	DLA-3203-1, ELA-739-1
Debian Bugs	991328, 991329, 991331

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
nginx (PTS)	jessie, jessie (lts)	1.6.2-5+deb8u10	fixed
	stretch (security)	1.10.3-1+deb9u7	vulnerable
	stretch (lts), stretch	1.10.3-1+deb9u8	fixed
	buster (security), buster, buster (lts)	1.14.2-2+deb10u5	fixed
	bullseye (security), bullseye	1.18.0-6.1+deb11u3	fixed
	bookworm	1.22.1-9	fixed
	sid, trixie	1.26.0-3	fixed
sendmail (PTS)	jessie	8.14.4-8+deb8u2	vulnerable
	stretch (lts), stretch	8.15.2-8+deb9u2	vulnerable
	buster (security), buster, buster (lts)	8.15.2-14~deb10u3	vulnerable
	bullseye	8.15.2-22+deb11u3	vulnerable
	bookworm	8.17.1.9-2+deb12u2	fixed
	sid, trixie	8.18.1-6	fixed
vsftpd (PTS)	jessie	3.0.2-17+deb8u1	vulnerable
	stretch	3.0.3-8	vulnerable
	buster, bullseye	3.0.3-12	vulnerable
	bookworm	3.0.3-13	vulnerable
	sid, trixie	3.0.3-13.1	vulnerable

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version	Origin	Debian Bugs
nginx	source	jessie	1.6.2-5+deb8u10	ELA-739-1
nginx	source	stretch	1.10.3-1+deb9u8	ELA-739-1
nginx	source	buster	1.14.2-2+deb10u5	DLA-3203-1
nginx	source	bullseye	1.18.0-6.1+deb11u2
nginx	source	(unstable)	1.20.2-2		991328
sendmail	source	experimental	8.16.1-1
sendmail	source	(unstable)	8.16.1-2		991331
vsftpd	source	(unstable)	(unfixed)		991329

Notes

[stretch] - nginx <no-dsa> (Minor issue)
[bookworm] - vsftpd <no-dsa> (Minor issue)
[bullseye] - vsftpd <no-dsa> (Minor issue)
[buster] - vsftpd <no-dsa> (Minor issue)
[stretch] - vsftpd <no-dsa> (Minor issue)
[bullseye] - sendmail <no-dsa> (Minor issue)
[buster] - sendmail <no-dsa> (Minor issue)
[stretch] - sendmail <no-dsa> (Minor issue)
https://bugzilla.redhat.com/show_bug.cgi?id=1975623
https://alpaca-attack.com/
Generic TLS protocol issue, some applications have released mitigations:
nginx: http://hg.nginx.org/nginx/rev/ec1071830799
vsftpd: https://security.appspot.com/vsftpd/Changelog.txt (3.0.4)
* Close the control connection after 10 unknown commands pre-login.
* Reject any TLS ALPN advertisement that's not 'ftp'.
* Add ssl_sni_hostname option to require a match on incoming SNI hostname.
sendmail: Fixed in 3.16.1: https://marc.info/?l=sendmail-announce&m=159394546814125&w=2
exim4 has config option: https://lists.exim.org/lurker/message/20210609.200324.f0e073ed.el.html
[jessie] - sendmail <no-dsa> (Minor issue)
[jessie] - vsftpd <no-dsa> (Minor issue)