Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2020-5202

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.

Published

2020-01-21T18:15:13.060

Last Modified

2024-11-21T05:33:40.100

Status

Modified

Source

[email protected]

Severity

CVSSv3.1: 5.5 (MEDIUM)

CVSSv2 Vector

AV:L/AC:L/Au:N/C:P/I:N/A:N

Access Vector: LOCAL
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE

Exploitability Score

3.9

Impact Score

2.9

Weaknesses

Type: Primary
NVD-CWE-noinfo

Affected Vendors & Products

Type	Vendor	Product	Version/Range	Vulnerable?
Application	apt-cacher-ng_project	apt-cacher-ng	≤ 3.3	Yes
Operating System	debian	debian_linux	8.0	Yes
Operating System	debian	debian_linux	9.0	Yes
Operating System	debian	debian_linux	10.0	Yes
Operating System	opensuse	backports	sle-15	Yes
Operating System	opensuse	leap	15.1	Yes

References

http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html Mailing List, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/01/20/4 Exploit, Mailing List, Third Party Advisory ([email protected])
http://www.openwall.com/lists/oss-security/2020/01/20/4 Exploit, Mailing List, Third Party Advisory ([email protected])
https://seclists.org/oss-sec/2020/q1/21 Exploit, Mailing List, Third Party Advisory ([email protected])
https://security-tracker.debian.org/tracker/CVE-2020-5202 Patch, Third Party Advisory ([email protected])
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/01/20/4 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
http://www.openwall.com/lists/oss-security/2020/01/20/4 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://seclists.org/oss-sec/2020/q1/21 Exploit, Mailing List, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)
https://security-tracker.debian.org/tracker/CVE-2020-5202 Patch, Third Party Advisory (af854a3a-2127-422b-91ae-364da2661108)