CVE-2014-1422

In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.

CVSS v3 5.0 MEDIUM
CVSS v2.0 1.9 LOW

5.0^/10

CVSS v3 : MEDIUM

Vector :

Exploitability : 1.3 / Impact : 3.6

Attack Vector LOCAL

Attack Complexity LOW

Privileges Required LOW

User Interaction REQUIRED

Confidentiality Impact HIGH

Integrity Impact NONE

Availability Impact NONE

Scope UNCHANGED

1.9^/10

CVSS v2.0 : LOW

Vector : AV:L/AC:M/Au:N/C:P/I:N/A:N

Exploitability : 3.4 / Impact : 2.9

Access Vector LOCAL

Access Complexity MEDIUM

Authentication NONE

Confidentiality Impact PARTIAL

Integrity Impact NONE

Availability Impact NONE

References

Link	Resource
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82	Patch Third Party Advisory
https://launchpad.net/bugs/1387734	Exploit Patch Third Party Advisory

Configurations

Configuration 1 (hide)

OR	cpe:2.3:a:canonical:trust-store_\(ubuntu\)::::::::
	cpe:2.3:a:canonical:trust-store_\(ubuntu_rtm\)::::::::

History

No history.

Information

Published : 2020-07-22 18:15

Updated : 2024-02-28 17:47

NVD link : CVE-2014-1422

Mitre link : CVE-2014-1422

CVE.ORG link : CVE-2014-1422

JSON object : View

Products Affected

canonical

trust-store_\(ubuntu_rtm\)
trust-store_\(ubuntu\)

CWE

CWE-732

Incorrect Permission Assignment for Critical Resource

CWE-275

Permission Issues

{"id": "CVE-2014-1422", "metrics": {"cvssMetricV2": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"version": "2.0", "baseScore": 1.9, "accessVector": "LOCAL", "vectorString": "AV:L/AC:M/Au:N/C:P/I:N/A:N", "authentication": "NONE", "integrityImpact": "NONE", "accessComplexity": "MEDIUM", "availabilityImpact": "NONE", "confidentialityImpact": "PARTIAL"}, "acInsufInfo": false, "impactScore": 2.9, "baseSeverity": "LOW", "obtainAllPrivilege": false, "exploitabilityScore": 3.4, "obtainUserPrivilege": false, "obtainOtherPrivilege": false, "userInteractionRequired": true}], "cvssMetricV31": [{"type": "Primary", "source": "nvd@nist.gov", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.3}, {"type": "Secondary", "source": "security@ubuntu.com", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.0, "attackVector": "LOCAL", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "REQUIRED", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "LOW", "confidentialityImpact": "HIGH"}, "impactScore": 3.6, "exploitabilityScore": 1.3}]}, "published": "2020-07-22T18:15:11.677", "references": [{"url": "https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82", "tags": ["Patch", "Third Party Advisory"], "source": "security@ubuntu.com"}, {"url": "https://launchpad.net/bugs/1387734", "tags": ["Exploit", "Patch", "Third Party Advisory"], "source": "security@ubuntu.com"}], "vulnStatus": "Analyzed", "weaknesses": [{"type": "Primary", "source": "nvd@nist.gov", "description": [{"lang": "en", "value": "CWE-732"}]}, {"type": "Secondary", "source": "security@ubuntu.com", "description": [{"lang": "en", "value": "CWE-275"}]}], "descriptions": [{"lang": "en", "value": "In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1."}, {"lang": "es", "value": "En trust-store de Ubuntu, si un usuario revoca el acceso a la ubicaci\u00f3n desde una aplicaci\u00f3n, la ubicaci\u00f3n a\u00fan est\u00e1 disponible para la aplicaci\u00f3n porque la aplicaci\u00f3n respetar\u00e1 los permisos de cach\u00e9 incorrectos. Esto es debido a que la cach\u00e9 no fue ordenada por tiempo de creaci\u00f3n por la estructura Select en el archivo src/core/trust/impl/sqlite3/store.cpp. Es corregido en trust-store (Ubuntu) versi\u00f3n 1.1.0+ 15.04.20150123-0ubuntu1 y trust-store (Ubuntu RTM) versi\u00f3n 1.1.0+15.04.20150123~rtm-0ubuntu1"}], "lastModified": "2020-08-09T20:36:57.410", "configurations": [{"nodes": [{"negate": false, "cpeMatch": [{"criteria": "cpe:2.3:a:canonical:trust-store_\\(ubuntu\\):*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "C5034A8B-F37E-491E-8827-1B47CF57BFEB", "versionEndExcluding": "1.1.0"}, {"criteria": "cpe:2.3:a:canonical:trust-store_\\(ubuntu_rtm\\):*:*:*:*:*:*:*:*", "vulnerable": true, "matchCriteriaId": "EED5348E-8A44-4423-A41D-ED583C530023", "versionEndExcluding": "1.1.0"}], "operator": "OR"}]}], "sourceIdentifier": "security@ubuntu.com"}