FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdebase -- Kate backup file permission leak

Affected packages
3.2.0 <= kdebase < 3.4.1
9.3 <= linux_base-suse < 9.3_2

Details

VuXML ID 2e116ba5-f7c3-11d9-928e-000b5d7e6dd5
Discovery 2005-07-18
Entry 2005-07-18
Modified 2005-10-09

A KDE Security Advisory explains:

Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set.

Depending on the system security settings, backup files might be readable by other users. Kate / Kwrite are network transparent applications and therefore this vulnerability might not be restricted to local users.

[source]

References

CVE Name CVE-2005-1920
URL http://www.kde.org/info/security/advisory-20050718-1.txt
URL https://bugs.kde.org/show_bug.cgi?id=103331

Copyright © 2003-2005 Jacques Vidrine and contributors.
Please see the source of this document for full copyright information.