ID CVE-2005-1920
Summary The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
References
Vulnerable Configurations
  • cpe:2.3:o:kde:kde:3.2
  • cpe:2.3:o:kde:kde:3.2.1
  • cpe:2.3:o:kde:kde:3.2.2
  • cpe:2.3:o:kde:kde:3.2.3
  • cpe:2.3:o:kde:kde:3.3
  • cpe:2.3:o:kde:kde:3.3.1
  • cpe:2.3:o:kde:kde:3.3.2
  • cpe:2.3:o:kde:kde:3.4
  • cpe:2.3:o:kde:kde:3.4.0
CVSS
Base: 5.0 (as of 27-07-2005 - 17:03)
Impact:
Exploitability:
Access
  • Vector NETWORK
  • Complexity LOW
  • Authentication NONE
Impact
  • Confidentiality PARTIAL
  • Integrity NONE
  • Availability NONE
nessus via4
  • NASL family FreeBSD Local Security Checks
    NASL id FREEBSD_PKG_2E116BA5F7C311D9928E000B5D7E6DD5.NASL
    description A KDE Security Advisory explains : Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. Depending on the system security settings, backup files might be readable by other users. Kate / Kwrite are network transparent applications and therefore this vulnerability might not be restricted to local users.
    last seen 2019-02-21
    modified 2018-11-21
    plugin id 19338
    published 2005-08-01
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19338
    title FreeBSD : kdebase -- Kate backup file permission leak (2e116ba5-f7c3-11d9-928e-000b5d7e6dd5)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2005-612.NASL
    description Updated kdelibs packages are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. kdelibs contains libraries for the K Desktop Environment. A flaw was discovered affecting Kate, the KDE advanced text editor, and Kwrite. Depending on system settings, it may be possible for a local user to read the backup files created by Kate or Kwrite. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1920 to this issue. Please note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of Kate or Kwrite should update to these errata packages which contain a backported patch from the KDE security team correcting this issue.
    last seen 2019-02-21
    modified 2018-11-27
    plugin id 19332
    published 2005-07-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19332
    title RHEL 4 : kdelibs (RHSA-2005:612)
  • NASL family Fedora Local Security Checks
    NASL id FEDORA_2005-594.NASL
    description A flaw was discovered affecting Kate, the KDE advanced text editor, and Kwrite. Depending on system settings it may be possible for a local user to read the backup files created by Kate or Kwrite. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1920 to this issue. Users of Kate or Kwrite should update to this erratum package which contains a backported patch from the KDE security team correcting this issue. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19230
    published 2005-07-20
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19230
    title Fedora Core 3 : kdelibs-3.3.1-2.14.FC3 (2005-594)
  • NASL family Debian Local Security Checks
    NASL id DEBIAN_DSA-804.NASL
    description KDE developers have reported a vulnerability in the backup file handling of Kate and Kwrite. The backup files are created with default permissions, even if the original file had more strict permissions set. This could disclose information unintendedly.
    last seen 2019-02-21
    modified 2018-08-09
    plugin id 19611
    published 2005-09-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19611
    title Debian DSA-804-1 : kdelibs - insecure permissions
  • NASL family Ubuntu Local Security Checks
    NASL id UBUNTU_USN-150-1.NASL
    description Kate and Kwrite create a backup file before saving a modified file. These backup files were created with default permissions, even if the original file had more strict permissions set, so that other local users could possibly read the backup file even if they are not permitted to read the original file. Note that Tenable Network Security has extracted the preceding description block directly from the Ubuntu security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 20548
    published 2006-01-15
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=20548
    title Ubuntu 5.04 : kdelibs vulnerability (USN-150-1)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2005-612.NASL
    description Updated kdelibs packages are now available for Red Hat Enterprise Linux 4. This update has been rated as having moderate security impact by the Red Hat Security Response Team. kdelibs contains libraries for the K Desktop Environment. A flaw was discovered affecting Kate, the KDE advanced text editor, and Kwrite. Depending on system settings, it may be possible for a local user to read the backup files created by Kate or Kwrite. The Common Vulnerabilities and Exposures project assigned the name CVE-2005-1920 to this issue. Please note this issue does not affect Red Hat Enterprise Linux 3 or 2.1. Users of Kate or Kwrite should update to these errata packages which contain a backported patch from the KDE security team correcting this issue.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 21953
    published 2006-07-05
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=21953
    title CentOS 4 : kdelibs (CESA-2005:612)
  • NASL family Gentoo Local Security Checks
    NASL id GENTOO_GLSA-200611-21.NASL
    description The remote host is affected by the vulnerability described in GLSA-200611-21 (Kile: Incorrect backup file permission) Kile fails to set the same permissions on backup files as on the original file. This is similar to CVE-2005-1920. Impact : A kile user may inadvertently grant access to sensitive information. Workaround : There is no known workaround at this time.
    last seen 2019-02-21
    modified 2018-08-10
    plugin id 23729
    published 2006-11-27
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=23729
    title GLSA-200611-21 : Kile: Incorrect backup file permission
  • NASL family Mandriva Local Security Checks
    NASL id MANDRAKE_MDKSA-2005-122.NASL
    description The Kate and Kwrite programs create a file backup before saving a modified file. These backup files are created with default system permissions, even if the original file had more strict permissions set. The updated packages have been patched to address this issue.
    last seen 2019-02-21
    modified 2018-07-19
    plugin id 19265
    published 2005-07-21
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=19265
    title Mandrake Linux Security Advisory : kdelibs (MDKSA-2005:122)
oval via4
accepted 2013-04-29T04:19:23.350-04:00
class vulnerability
contributors
  • name Aharon Chernin
    organization SCAP.com, LLC
  • name Dragos Prisaca
    organization G2, Inc.
definition_extensions
  • comment The operating system installed on the system is Red Hat Enterprise Linux 4
    oval oval:org.mitre.oval:def:11831
  • comment CentOS Linux 4.x
    oval oval:org.mitre.oval:def:16636
  • comment Oracle Linux 4.x
    oval oval:org.mitre.oval:def:15990
description The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
family unix
id oval:org.mitre.oval:def:9434
status accepted
submitted 2010-07-09T03:56:16-04:00
title The (1) Kate and (2) Kwrite applications in KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
version 23
redhat via4
advisories
rhsa
id RHSA-2005:612
refmap via4
bid 14297
bugtraq 20050718 [KDE Security Advisory]: Kate backup file permission leak
confirm http://www.kde.org/info/security/advisory-20050718-1.txt
debian DSA-804
fedora FLSA:178606
gentoo GLSA-200611-21
sectrack 1014512
secunia
  • 16099
  • 23099
suse SUSE-SR:2005:018
Last major update 17-10-2016 - 23:23
Published 26-07-2005 - 00:00
Last modified 19-10-2018 - 11:32