GSD-2014-1422
Vulnerability from gsd - Updated: 2023-12-13 01:22Details
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
Aliases
Aliases
{
"GSD": {
"alias": "CVE-2014-1422",
"description": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.",
"id": "GSD-2014-1422"
},
"gsd": {
"metadata": {
"exploitCode": "unknown",
"remediation": "unknown",
"reportConfidence": "confirmed",
"type": "vulnerability"
},
"osvSchema": {
"aliases": [
"CVE-2014-1422"
],
"details": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.",
"id": "GSD-2014-1422",
"modified": "2023-12-13T01:22:51.556599Z",
"schema_version": "1.4.0"
}
},
"namespaces": {
"cve.org": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2014-10-30T15:22:00.000Z",
"ID": "CVE-2014-1422",
"STATE": "PUBLIC",
"TITLE": "Location service uses cached authorization even after revocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "trust-store (Ubuntu)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.1.0",
"version_value": "1.1.0+15.04.20150123-0ubuntu1"
}
]
}
},
{
"product_name": "trust-store (Ubuntu RTM)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.1.0",
"version_value": "1.1.0+15.04.20150123~rtm-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "David Barth"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1387734",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1387734"
},
{
"name": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://launchpad.net/bugs/1387734"
],
"discovery": "INTERNAL"
},
"work_around": []
},
"nvd.nist.gov": {
"configurations": {
"CVE_data_version": "4.0",
"nodes": [
{
"children": [],
"cpe_match": [
{
"cpe23Uri": "cpe:2.3:a:canonical:trust-store_\\(ubuntu\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0",
"vulnerable": true
},
{
"cpe23Uri": "cpe:2.3:a:canonical:trust-store_\\(ubuntu_rtm\\):*:*:*:*:*:*:*:*",
"cpe_name": [],
"versionEndExcluding": "1.1.0",
"vulnerable": true
}
],
"operator": "OR"
}
]
},
"cve": {
"CVE_data_meta": {
"ASSIGNER": "security@ubuntu.com",
"ID": "CVE-2014-1422"
},
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "en",
"value": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."
}
]
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "en",
"value": "CWE-732"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1387734",
"refsource": "CONFIRM",
"tags": [
"Exploit",
"Patch",
"Third Party Advisory"
],
"url": "https://launchpad.net/bugs/1387734"
},
{
"name": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82",
"refsource": "CONFIRM",
"tags": [
"Patch",
"Third Party Advisory"
],
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
]
}
},
"impact": {
"baseMetricV2": {
"acInsufInfo": false,
"cvssV2": {
"accessComplexity": "MEDIUM",
"accessVector": "LOCAL",
"authentication": "NONE",
"availabilityImpact": "NONE",
"baseScore": 1.9,
"confidentialityImpact": "PARTIAL",
"integrityImpact": "NONE",
"vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N",
"version": "2.0"
},
"exploitabilityScore": 3.4,
"impactScore": 2.9,
"obtainAllPrivilege": false,
"obtainOtherPrivilege": false,
"obtainUserPrivilege": false,
"severity": "LOW",
"userInteractionRequired": true
},
"baseMetricV3": {
"cvssV3": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5.0,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
},
"exploitabilityScore": 1.3,
"impactScore": 3.6
}
},
"lastModifiedDate": "2020-08-09T20:36Z",
"publishedDate": "2020-07-22T18:15Z"
}
}
}
Loading…
Loading…
Sightings
| Author | Source | Type | Date |
|---|
Nomenclature
- Seen: The vulnerability was mentioned, discussed, or observed by the user.
- Confirmed: The vulnerability has been validated from an analyst's perspective.
- Published Proof of Concept: A public proof of concept is available for this vulnerability.
- Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
- Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
- Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
- Not confirmed: The user expressed doubt about the validity of the vulnerability.
- Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.
Loading…
Loading…