Apt Cacher Ngproject Apt Cacher Ng
By the Year
In 2020 there have been 1 vulnerability in Apt Cacher Ngproject Apt Cacher Ng with an average score of 5.5 out of ten. Last year Apt Cacher Ng had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.
It may take a day or so for new Apt Cacher Ng vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.
Latest Apt Cacher Ngproject Apt Cacher Ng Security Vulnerabilities
apt-cacher-ng through 3.3
5.5 - Medium
- January 21, 2020
apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.