| Vulnerability Name: | CVE-2005-1920 (CCN-21508) | ||||||||||||||||||||
| Assigned: | 2005-07-18 | ||||||||||||||||||||
| Published: | 2005-07-18 | ||||||||||||||||||||
| Updated: | 2018-10-19 | ||||||||||||||||||||
| Summary: | The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information. | ||||||||||||||||||||
| CVSS v3 Severity: | 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N)
| ||||||||||||||||||||
| CVSS v2 Severity: | 5.0 Medium (CVSS v2 Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N)
| ||||||||||||||||||||
| Vulnerability Type: | CWE-Other | ||||||||||||||||||||
| Vulnerability Consequences: | Obtain Information | ||||||||||||||||||||
| References: | Source: CCN Type: Full-Disclosure Mailing List, Thu Jul 21 2005 - 04:27:11 CDT [USN-150-1] KDE library vulnerability Source: MITRE Type: CNA CVE-2005-1920 Source: CCN Type: Conectiva Linux Security Announcement CLSA-2005:988 Fix for KDE security vulnerability Source: BUGTRAQ Type: UNKNOWN 20050718 [KDE Security Advisory]: Kate backup file permission leak Source: CCN Type: RHSA-2005-612 kdelibs security update Source: CCN Type: SA16099 KDE Kate / KWrite Backup File Insecure File Permissions Source: SECUNIA Type: UNKNOWN 16099 Source: SECUNIA Type: UNKNOWN 23099 Source: GENTOO Type: UNKNOWN GLSA-200611-21 Source: CCN Type: SECTRACK ID: 1014512 KDE Kate/Kwrite May Disclose Backup Files to Local Users or Remote Authenticated Users Source: SECTRACK Type: UNKNOWN 1014512 Source: DEBIAN Type: UNKNOWN DSA-804 Source: DEBIAN Type: DSA-804 kdelibs -- insecure permissions Source: CCN Type: GLSA-200611-21 Kile: Incorrect backup file permission Source: CCN Type: KDE Security Advisory 20050718-1 Kate backup file permission leak Source: CONFIRM Type: Patch, Vendor Advisory http://www.kde.org/info/security/advisory-20050718-1.txt Source: SUSE Type: UNKNOWN SUSE-SR:2005:018 Source: REDHAT Type: UNKNOWN RHSA-2005:612 Source: FEDORA Type: UNKNOWN FLSA:178606 Source: BID Type: UNKNOWN 14297 Source: CCN Type: BID-14297 KDE Kate, KWrite Local Backup File Information Disclosure Vulnerability Source: CCN Type: USN-150-1 KDE library vulnerability Source: XF Type: UNKNOWN kde-kate-kwrite-backup-default-permission(21508) Source: OVAL Type: UNKNOWN oval:org.mitre.oval:def:9434 Source: SUSE Type: SUSE-SR:2005:018 SUSE Security Summary Report | ||||||||||||||||||||
| Vulnerable Configuration: | Configuration 1: Configuration RedHat 1:  Denotes that component is vulnerable | ||||||||||||||||||||
| Oval Definitions | |||||||||||||||||||||
| |||||||||||||||||||||
| BACK | |||||||||||||||||||||