Search criteria
2 vulnerabilities found for trust-store (Ubuntu RTM) by Canonical
CVE-2014-1422 (GCVE-0-2014-1422)
Vulnerability from nvd – Published: 2020-07-22 18:05 – Updated: 2024-09-17 03:18
VLAI
Title
Location service uses cached authorization even after revocation
Summary
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
Severity
5 (Medium)
CWE
- CWE-275 - Permission Issues
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.net/bugs/1387734 | x_refsource_CONFIRM |
| https://bazaar.launchpad.net/~phablet-team/trust-… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | trust-store (Ubuntu) |
Affected:
1.1.0 , < 1.1.0+15.04.20150123-0ubuntu1
(custom)
|
|
| Canonical | trust-store (Ubuntu RTM) |
Affected:
1.1.0 , < 1.1.0+15.04.20150123~rtm-0ubuntu1
(custom)
|
Date Public
2014-10-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1387734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "trust-store (Ubuntu)",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.1.0+15.04.20150123-0ubuntu1",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
},
{
"product": "trust-store (Ubuntu RTM)",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.1.0+15.04.20150123~rtm-0ubuntu1",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Barth"
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "CWE-275 Permission Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T18:05:19.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1387734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
],
"source": {
"defect": [
"https://launchpad.net/bugs/1387734"
],
"discovery": "INTERNAL"
},
"title": "Location service uses cached authorization even after revocation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2014-10-30T15:22:00.000Z",
"ID": "CVE-2014-1422",
"STATE": "PUBLIC",
"TITLE": "Location service uses cached authorization even after revocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "trust-store (Ubuntu)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.1.0",
"version_value": "1.1.0+15.04.20150123-0ubuntu1"
}
]
}
},
{
"product_name": "trust-store (Ubuntu RTM)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.1.0",
"version_value": "1.1.0+15.04.20150123~rtm-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "David Barth"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1387734",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1387734"
},
{
"name": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://launchpad.net/bugs/1387734"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2014-1422",
"datePublished": "2020-07-22T18:05:19.844Z",
"dateReserved": "2014-01-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:34.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}
CVE-2014-1422 (GCVE-0-2014-1422)
Vulnerability from cvelistv5 – Published: 2020-07-22 18:05 – Updated: 2024-09-17 03:18
VLAI
Title
Location service uses cached authorization even after revocation
Summary
In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
Severity
5 (Medium)
CWE
- CWE-275 - Permission Issues
Assigner
References
2 references
| URL | Tags |
|---|---|
| https://launchpad.net/bugs/1387734 | x_refsource_CONFIRM |
| https://bazaar.launchpad.net/~phablet-team/trust-… | x_refsource_CONFIRM |
Impacted products
2 products
| Vendor | Product | Version | |
|---|---|---|---|
| Canonical | trust-store (Ubuntu) |
Affected:
1.1.0 , < 1.1.0+15.04.20150123-0ubuntu1
(custom)
|
|
| Canonical | trust-store (Ubuntu RTM) |
Affected:
1.1.0 , < 1.1.0+15.04.20150123~rtm-0ubuntu1
(custom)
|
Date Public
2014-10-30 00:00
Credits
{
"containers": {
"adp": [
{
"providerMetadata": {
"dateUpdated": "2024-08-06T09:42:35.385Z",
"orgId": "af854a3a-2127-422b-91ae-364da2661108",
"shortName": "CVE"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://launchpad.net/bugs/1387734"
},
{
"tags": [
"x_refsource_CONFIRM",
"x_transferred"
],
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
],
"title": "CVE Program Container"
}
],
"cna": {
"affected": [
{
"product": "trust-store (Ubuntu)",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.1.0+15.04.20150123-0ubuntu1",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
},
{
"product": "trust-store (Ubuntu RTM)",
"vendor": "Canonical",
"versions": [
{
"lessThan": "1.1.0+15.04.20150123~rtm-0ubuntu1",
"status": "affected",
"version": "1.1.0",
"versionType": "custom"
}
]
}
],
"credits": [
{
"lang": "en",
"value": "David Barth"
}
],
"datePublic": "2014-10-30T00:00:00.000Z",
"descriptions": [
{
"lang": "en",
"value": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."
}
],
"metrics": [
{
"cvssV3_1": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
}
],
"problemTypes": [
{
"descriptions": [
{
"cweId": "CWE-275",
"description": "CWE-275 Permission Issues",
"lang": "en",
"type": "CWE"
}
]
}
],
"providerMetadata": {
"dateUpdated": "2020-07-22T18:05:19.000Z",
"orgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"shortName": "canonical"
},
"references": [
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://launchpad.net/bugs/1387734"
},
{
"tags": [
"x_refsource_CONFIRM"
],
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
],
"source": {
"defect": [
"https://launchpad.net/bugs/1387734"
],
"discovery": "INTERNAL"
},
"title": "Location service uses cached authorization even after revocation",
"x_generator": {
"engine": "Vulnogram 0.0.9"
},
"x_legacyV4Record": {
"CVE_data_meta": {
"AKA": "",
"ASSIGNER": "security@ubuntu.com",
"DATE_PUBLIC": "2014-10-30T15:22:00.000Z",
"ID": "CVE-2014-1422",
"STATE": "PUBLIC",
"TITLE": "Location service uses cached authorization even after revocation"
},
"affects": {
"vendor": {
"vendor_data": [
{
"product": {
"product_data": [
{
"product_name": "trust-store (Ubuntu)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.1.0",
"version_value": "1.1.0+15.04.20150123-0ubuntu1"
}
]
}
},
{
"product_name": "trust-store (Ubuntu RTM)",
"version": {
"version_data": [
{
"platform": "",
"version_affected": "\u003c",
"version_name": "1.1.0",
"version_value": "1.1.0+15.04.20150123~rtm-0ubuntu1"
}
]
}
}
]
},
"vendor_name": "Canonical"
}
]
}
},
"configuration": [],
"credit": [
{
"lang": "eng",
"value": "David Barth"
}
],
"data_format": "MITRE",
"data_type": "CVE",
"data_version": "4.0",
"description": {
"description_data": [
{
"lang": "eng",
"value": "In Ubuntu\u0027s trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."
}
]
},
"exploit": [],
"generator": {
"engine": "Vulnogram 0.0.9"
},
"impact": {
"cvss": {
"attackComplexity": "LOW",
"attackVector": "LOCAL",
"availabilityImpact": "NONE",
"baseScore": 5,
"baseSeverity": "MEDIUM",
"confidentialityImpact": "HIGH",
"integrityImpact": "NONE",
"privilegesRequired": "LOW",
"scope": "UNCHANGED",
"userInteraction": "REQUIRED",
"vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N",
"version": "3.1"
}
},
"problemtype": {
"problemtype_data": [
{
"description": [
{
"lang": "eng",
"value": "CWE-275 Permission Issues"
}
]
}
]
},
"references": {
"reference_data": [
{
"name": "https://launchpad.net/bugs/1387734",
"refsource": "CONFIRM",
"url": "https://launchpad.net/bugs/1387734"
},
{
"name": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82",
"refsource": "CONFIRM",
"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82"
}
]
},
"solution": [],
"source": {
"advisory": "",
"defect": [
"https://launchpad.net/bugs/1387734"
],
"discovery": "INTERNAL"
},
"work_around": []
}
}
},
"cveMetadata": {
"assignerOrgId": "cc1ad9ee-3454-478d-9317-d3e869d708bc",
"assignerShortName": "canonical",
"cveId": "CVE-2014-1422",
"datePublished": "2020-07-22T18:05:19.844Z",
"dateReserved": "2014-01-13T00:00:00.000Z",
"dateUpdated": "2024-09-17T03:18:34.686Z",
"state": "PUBLISHED"
},
"dataType": "CVE_RECORD",
"dataVersion": "5.1"
}