apt-cacher-ng through 3.3 allows local users to obtain sensitive
information by hijacking the hardcoded TCP port. The
/usr/lib/apt-cacher-ng/acngtool program attempts to connect to
apt-cacher-ng via TCP on localhost port 3142, even if the explicit
SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The
cron job /etc/cron.daily/apt-cacher-ng (which is active by default)
attempts this periodically. Because 3142 is an unprivileged port, any local
user can try to bind to this port and will receive requests from acngtool.
There can be sensitive data in these requests, e.g., if AdminAuth is
enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak
to unprivileged local users that manage to bind to this port before the
apt-cacher-ng daemon can.
Upstream:released (3.3.1-1)
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 ESM (Trusty Tahr):DNE
Ubuntu 16.04 LTS (Xenial Xerus):needed
Ubuntu 18.04 LTS (Bionic Beaver):needed
Ubuntu 19.10 (Eoan Ermine):needed
Ubuntu 20.04 (Focal Fossa):not-affected (3.3.1-1)
More Information

Updated: 2020-02-05 03:14:46 UTC (commit 33eecc947e5a5d8011f73d8a56dd2486b44db0fd)