PT-2020-7603 · Canonical · Trust-Store

David Barthon

Published

2020-07-22

Updated

2020-08-09

CVE-2014-1422

CVSS v3.1

5.0

Medium

Vector

AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions trust-store (Ubuntu) versions prior to 1.1.0+15.04.20150123-0ubuntu1 trust-store (Ubuntu RTM) versions prior to 1.1.0+15.04.20150123~rtm-0ubuntu1

Description The issue arises when a user revokes location access from an application in Ubuntu's trust-store. Despite the revocation, the location remains accessible to the application due to it honoring incorrect, cached permissions. This occurs because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp.

Recommendations For trust-store (Ubuntu) versions prior to 1.1.0+15.04.20150123-0ubuntu1, update to version 1.1.0+15.04.20150123-0ubuntu1 or later. For trust-store (Ubuntu RTM) versions prior to 1.1.0+15.04.20150123~~rtm-0ubuntu1, update to version 1.1.0+15.04.20150123~~rtm-0ubuntu1 or later.

Exploit

Fix

Incorrect Permission

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-732CWE-275

Related Identifiers

CVE-2014-1422

Affected Products

Trust-Store

PT-2020-7603 · Canonical · Trust-Store

CVE-2014-1422

Weakness Enumeration

Related Identifiers

Affected Products

References · 4