CVE-2020-5202: Sensitive Information Exposure in Project Apt-cacher-ng

Severity: 5.5 MEDIUM (NVD)
EPSS: 0.1% (top 78.33%)
CISA KEV: Not in KEV
Exploit: No known exploits

Timeline
Published: Jan 21
Latest update: May 24

Description

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this por

CVSS vector

CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Exploitability: 1.8 | Impact: 3.6

Affected Packages: 4 packages

Also affects: Debian Linux 10.0, 8.0, 9.0

Patches

🔴 Vulnerability Details (3)

[GHSA] GHSA-ppjv-mwcc-539j: apt-cacher-ng through 3 (2022-05-24)
[OSV] CVE-2020-5202: apt-cacher-ng through 3 (2020-01-21)
[CVEList] CVE-2020-5202: apt-cacher-ng through 3 (2020-01-21)

📋 Vendor Advisories (1)

[Debian] CVE-2020-5202: apt-cacher-ng - apt-cacher-ng through 3.3 allows local users to obtain sensitive information by ... (2020)

💬 Community (3)

[Bugzilla] CVE-2020-5202 apt-cacher-ng: local unprivileged user can impersonate the apt-cacher-ng daemon leading to credentials leak (2020-03-16)
[Bugzilla] CVE-2020-5202 apt-cacher-ng: local unprivileged user can impersonate the apt-cacher-ng daemon leading to credentials leak [fedora-all] (2020-03-16)
[Bugzilla] CVE-2020-5202 apt-cacher-ng: local unprivileged user can impersonate the apt-cacher-ng daemon leading to credentials leak [epel-7] (2020-03-16)