PT-2005-2875 · Kde+1 · Kwrite+3
Dirk Mueller
·
Published
2005-07-26
·
Updated
2024-01-25
·
CVE-2005-1920
CVSS v2.0
5.0
Medium
| Vector | AV:N/AC:L/Au:N/C:P/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
KDE versions 3.2.x through 3.4.0
Description
The issue affects the Kate and Kwrite applications, where they do not properly set the same permissions on the backup file as were set on the original file. This could allow local users and possibly remote attackers to obtain sensitive information.
Recommendations
For KDE versions 3.2.x through 3.4.0, consider updating the permissions handling in the Kate and Kwrite applications to match the original file's permissions for backup files, or apply a configuration change to restrict access to sensitive information until a proper fix is available.
At the moment, there is no information about a newer version that contains a fix for this vulnerability.
Improper Preservation of Permissions
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Kde
Kate
Kwrite
Red Hat