1. CVE-Search
  2. CVE-2020-5202
ID CVE-2020-5202
Summary apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.
References
Vulnerable Configurations
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:-:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:-:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.26:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.26:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.26-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.26-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.26-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.26-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.27:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.27:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.27-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.7.27-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:-:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:-:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre1-1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre1-1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre2:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre2:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre2-1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre2-1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre3:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre3:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre3-1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:pre3-1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc3:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc3:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc3-1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc3-1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc4:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc4:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc4-1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0:rc4-1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0-3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.0-3:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.1-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.1-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.2-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.2-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.3-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.3-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.4:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.4:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.4-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.4-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.5:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.5:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.5-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.5-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.5-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.5-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.6:-:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.6:-:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.6:pre1:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.6:pre1:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.6-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.6-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.7:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.7:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.7-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.7-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.8:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.8:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.8-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.8-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.9:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.9:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.9-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.8.9-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.0:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.0:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.0-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.0-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.1-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.1-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.2-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.2-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.1-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.1-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.2-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:0.9.3.2-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:1-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:1-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:2-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:2-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:2-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:2-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-3:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-4:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-4:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-5:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3-5:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.1-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.1-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.1-lp151.3.3.1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.1-lp151.3.3.1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2-1:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2-1:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2-2:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2-2:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2-3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.2-3:*:*:*:*:*:*:*
  • cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.3:*:*:*:*:*:*:*
    cpe:2.3:a:apt-cacher-ng_project:apt-cacher-ng:3.3:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:8.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:9.0:*:*:*:*:*:*:*
  • cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
    cpe:2.3:o:debian:debian_linux:10.0:*:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
    cpe:2.3:o:opensuse:backports:sle-15:sp1:*:*:*:*:*:*
  • cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
    cpe:2.3:o:opensuse:leap:15.1:*:*:*:*:*:*:*
CVSS
Base: 2.1 (as of 01-01-2022 - 20:03)
Impact:
Exploitability:
CWE NVD-CWE-noinfo
CAPEC
Access
VectorComplexityAuthentication
LOCAL LOW NONE
Impact
ConfidentialityIntegrityAvailability
PARTIAL NONE NONE
cvss-vector via4 AV:L/AC:L/Au:N/C:P/I:N/A:N
refmap via4
misc
mlist [oss-security] 20200120 CVE-2020-5202: apt-cacher-ng: a local unprivileged user can impersonate the apt-cacher-ng daemon, possible credentials leak
suse
  • openSUSE-SU-2020:0124
  • openSUSE-SU-2020:0146
Last major update 01-01-2022 - 20:03
Published 21-01-2020 - 18:15
Last modified 01-01-2022 - 20:03
Back to Top