2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%
apt-cacher-ng through 3.3 allows local users to obtain sensitive
information by hijacking the hardcoded TCP port. The
/usr/lib/apt-cacher-ng/acngtool program attempts to connect to
apt-cacher-ng via TCP on localhost port 3142, even if the explicit
SocketPath=/var/run/apt-cacher-ng/socket command-line option is passed. The
cron job /etc/cron.daily/apt-cacher-ng (which is active by default)
attempts this periodically. Because 3142 is an unprivileged port, any local
user can try to bind to this port and will receive requests from acngtool.
There can be sensitive data in these requests, e.g., if AdminAuth is
enabled in /etc/apt-cacher-ng/security.conf. This sensitive data can leak
to unprivileged local users that manage to bind to this port before the
apt-cacher-ng daemon can.
OS | Version | Architecture | Package | Version | Filename |
---|---|---|---|---|---|
ubuntu | 18.04 | noarch | apt-cacher-ng | < any | UNKNOWN |
ubuntu | 16.04 | noarch | apt-cacher-ng | < any | UNKNOWN |
2.1 Low
CVSS2
Attack Vector
LOCAL
Attack Complexity
LOW
Authentication
NONE
Confidentiality Impact
PARTIAL
Integrity Impact
NONE
Availability Impact
NONE
AV:L/AC:L/Au:N/C:P/I:N/A:N
5.5 Medium
CVSS3
Attack Vector
LOCAL
Attack Complexity
LOW
Privileges Required
LOW
User Interaction
NONE
Scope
UNCHANGED
Confidentiality Impact
HIGH
Integrity Impact
NONE
Availability Impact
NONE
CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
0.0004 Low
EPSS
Percentile
5.1%