|
KDE Kate / KWrite Backup File Insecure File Permissions
|
|
Secunia Advisory:
|
SA16099
|
|
|
Release Date:
|
2005-07-19
|
|
Popularity:
|
9,767 views
|
|
|
Critical:
|
Less critical
|
|
Impact:
|
Exposure of sensitive information
|
|
Where:
|
Local system
|
|
Solution Status:
|
Vendor Patch
|
|
| Software: | KDE 3.x
|
|
|
Subscribe:
|
Instant alerts on relevant vulnerabilities 
|
|
| CVE reference: | CVE-2005-1920
|
|
Description:
bjoern has reported a security issue in Kate and KWrite, which can be exploited by malicious, local users to gain knowledge of certain information.
The security issue is caused due to backup files being created with default permissions even when the original file had more restrictive permissions set. This can potentially disclose the contents of files edited by other users.
The security issue has been reported in all versions of Kate and Kwrite shipped with KDE 3.2.x through 3.4.0.
Solution:
Apply patches.
ftp://ftp.kde.org/pub/kde/security_patches
KDE 3.4.0:
50f7bc6d8cf4b7aaa65e4e8062fc46c9 post-3.4.0-kdelibs-kate.diff
KDE 3.3.x:
138c3252883171d55ec24ed0318950fd post-3.3.2-kdelibs-kate.diff
KDE 3.2.x:
56667c05f545e8c9711c35bf78497bfd post-3.2.3-kdelibs-kate.diff
Provided and/or discovered by:
bjoern
Original Advisory:
KDE:
http://www.kde.org/info/security/advisory-20050718-1.txt
|
|
|
Track this Secunia Advisory
|
Customers of the Secunia Vulnerability Intelligence solutions will automatically receive updates when new information regarding this advisory is released.
Read more about our Vulnerability Intelligence solutions and what they can do for you and your company.
|
|
|
About this Secunia Advisory
|
Please note: The information that this Secunia Advisory is based on comes from a third party unless stated otherwise.
Secunia collects, validates, and verifies all vulnerability reports issued by security research groups, vendors, and others.
|
