Candidate: CVE-2020-5202
PublicDate: 2020-01-21 18:15:00 UTC
References:
 https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-5202
 https://www.openwall.com/lists/oss-security/2020/01/20/4
Description:
 apt-cacher-ng through 3.3 allows local users to obtain sensitive
 information by hijacking the hardcoded TCP port. The
 /usr/lib/apt-cacher-ng/acngtool program attempts to connect to
 apt-cacher-ng via TCP on localhost port 3142, even if the explicit
 SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The
 cron job /etc/cron.daily/apt-cacher-ng (which is active by default)
 attempts this periodically. Because 3142 is an unprivileged port, any local
 user can try to bind to this port and will receive requests from acngtool.
 There can be sensitive data in these requests, e.g., if AdminAuth is
 enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak
 to unprivileged local users that manage to bind to this port before the
 apt-cacher-ng daemon can.
Ubuntu-Description:
Notes:
Mitigation:
Bugs:
Priority: medium
Discovered-by:
Assigned-to:
CVSS:
 nvd: CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N [5.5 MEDIUM]


Patches_apt-cacher-ng:
 upstream: https://salsa.debian.org/blade/apt-cacher-ng/commit/3b91874b0c099b0ded1a94f1784fe1265082efbc
upstream_apt-cacher-ng: released (3.3.1-1)
precise/esm_apt-cacher-ng: DNE
trusty_apt-cacher-ng: ignored (out of standard support)
trusty/esm_apt-cacher-ng: DNE
xenial_apt-cacher-ng: ignored (end of standard support, was needed)
bionic_apt-cacher-ng: needed
disco_apt-cacher-ng: ignored (reached end-of-life)
eoan_apt-cacher-ng: ignored (reached end-of-life)
focal_apt-cacher-ng: not-affected (3.3.1-1)
groovy_apt-cacher-ng: not-affected (3.3.1-1)
hirsute_apt-cacher-ng: not-affected (3.3.1-1)
impish_apt-cacher-ng: not-affected (3.3.1-1)
jammy_apt-cacher-ng: not-affected (3.3.1-1)
devel_apt-cacher-ng: not-affected (3.3.1-1)