In Ubuntu's trust-store, if a user revokes location access from an application, the location is still available to the application because the application will honour incorrect, cached permissions. This is because the cache was not ordered by creation time by the Select struct in src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu) version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version 1.1.0+15.04.20150123~rtm-0ubuntu1.
References
Link | Resource |
---|---|
https://bazaar.launchpad.net/~phablet-team/trust-store/trunk/revision/82 | Patch Third Party Advisory |
https://launchpad.net/bugs/1387734 | Exploit Patch Third Party Advisory |
History
No history.
MITRE Information
Status: PUBLISHED
Assigner: canonical
Published: 2014-10-30T00:00:00
Updated: 2020-07-22T18:05:19
Reserved: 2014-01-13T00:00:00
Link: CVE-2014-1422
JSON object: View
NVD Information
Status : Analyzed
Published: 2020-07-22T18:15:11.677
Modified: 2020-08-09T20:36:57.410
Link: CVE-2014-1422
JSON object: View
Redhat Information
No data.