Lucene search

Ubuntu.comUB:CVE-2014-1422

HistoryJul 22, 2020 - 12:00 a.m.

CVE-2014-1422

2020-07-2200:00:00

ubuntu.com

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.0%

JSON

In Ubuntu’s trust-store, if a user revokes location access from an
application, the location is still available to the application because the
application will honour incorrect, cached permissions. This is because the
cache was not ordered by creation time by the Select struct in
src/core/trust/impl/sqlite3/store.cpp. Fixed in trust-store (Ubuntu)
version 1.1.0+15.04.20150123-0ubuntu1 and trust-store (Ubuntu RTM) version
1.1.0+15.04.20150123~rtm-0ubuntu1.

Bugs

<https://bugs.launchpad.net/ubuntu/+source/location-service/+bug/1387734>

References

launchpad.net/bugs/cve/CVE-2014-1422

nvd.nist.gov/vuln/detail/CVE-2014-1422

security-tracker.debian.org/tracker/CVE-2014-1422

www.cve.org/CVERecord?id=CVE-2014-1422

CVSS2

1.9

Attack Vector

LOCAL

Attack Complexity

MEDIUM

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

NONE

Availability Impact

NONE

AV:L/AC:M/Au:N/C:P/I:N/A:N

CVSS3

Attack Vector

LOCAL

Attack Complexity

LOW

Privileges Required

LOW

User Interaction

REQUIRED

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

NONE

Availability Impact

NONE

CVSS:3.1/AV:L/AC:L/PR:L/UI:R/S:U/C:H/I:N/A:N

EPSS

0.001

Percentile

18.0%

JSON

Related for UB:CVE-2014-1422