Apt Cacher Ng Apt Cacher Ngproject Apt Cacher Ng

stack.watch can notify you when security vulnerabilities are reported in Apt Cacher Ngproject Apt Cacher Ng. You can add multiple products that you use with Apt Cacher Ng to create your own personal software stack watcher.

By the Year

In 2020 there have been 1 vulnerability in Apt Cacher Ngproject Apt Cacher Ng with an average score of 5.5 out of ten. Last year Apt Cacher Ng had 0 security vulnerabilities published. That is, 1 more vulnerability have already been reported in 2020 as compared to last year.

Year Vulnerabilities Average Score
2020 1 5.50
2019 0 0.00
2018 0 0.00

It may take a day or so for new Apt Cacher Ng vulnerabilities to show up. Additionally vulnerabilities may be tagged under a different product or component name.

Latest Apt Cacher Ngproject Apt Cacher Ng Security Vulnerabilities

apt-cacher-ng through 3.3

CVE-2020-5202 5.5 - Medium - January 21, 2020

apt-cacher-ng through 3.3 allows local users to obtain sensitive information by hijacking the hardcoded TCP port. The /usr/lib/apt-cacher-ng/acngtool program attempts to connect to apt-cacher-ng via TCP on localhost port 3142, even if the explicit SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The cron job /etc/cron.daily/apt-cacher-ng (which is active by default) attempts this periodically. Because 3142 is an unprivileged port, any local user can try to bind to this port and will receive requests from acngtool. There can be sensitive data in these requests, e.g., if AdminAuth is enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak to unprivileged local users that manage to bind to this port before the apt-cacher-ng daemon can.

Information Leak