CVE-2020-5202

MEDIUM

apt-cacher-ng <3.3 - Info Disclosure


Description

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.

References (5)

- Patch, Third Party Advisory: https://security-tracker.debian.org/tracker/CVE-2020-5202
- Exploit, Mailing List, Third Party Advisory: http://www.openwall.com/lists/oss-security/2020/01/20/4
- Exploit, Mailing List, Third Party Advisory: https://seclists.org/oss-sec/2020/q1/21
- Mailing List, Third Party Advisory (vendor advisory, SUSE): http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00057.html
- Mailing List, Third Party Advisory (vendor advisory, SUSE): http://lists.opensuse.org/opensuse-security-announce/2020-01/msg00065.html

Scores

CVSS v3: 5.5
EPSS: 0.0007
EPSS Percentile: 21.5%
Attack Vector: LOCAL
Vector: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Details

Status: published
Products (6):
- apt-cacher-ng_project/apt-cacher-ng < 3.3
- debian/debian_linux 8.0
- debian/debian_linux 9.0
- debian/debian_linux 10.0
- opensuse/backports sle-15 sp1
- opensuse/leap 15.1
Published: Jan 21, 2020
Tracked Since: Feb 18, 2026