CVE-2005-1920 - OpenCVE

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact None

Availability Impact None

User Interaction None

No CVSS v3.0

Access Vector Network

Access Complexity Low

Authentication None

Confidentiality Impact Partial

Integrity Impact None

Availability Impact None

AV:N/AC:L/Au:N/C:P/I:N/A:N

Vendors & Products
CPE Configurations

Vendors	Products
Debian	Debian Linux
Kde	Kde

Configuration 1 [-]

cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*

Configuration 2 [-]

cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*

References

Link	Resource
http://marc.info/?l=bugtraq&m=112171434023679&w=2	Mailing List
http://secunia.com/advisories/16099	Broken Link
http://secunia.com/advisories/23099	Broken Link
http://security.gentoo.org/glsa/glsa-200611-21.xml	Third Party Advisory
http://securitytracker.com/id?1014512	Broken Link Third Party Advisory VDB Entry
http://www.debian.org/security/2005/dsa-804	Third Party Advisory
http://www.kde.org/info/security/advisory-20050718-1.txt	Patch Vendor Advisory
http://www.novell.com/linux/security/advisories/2005_18_sr.html	Broken Link
http://www.redhat.com/support/errata/RHSA-2005-612.html	Broken Link
http://www.securityfocus.com/archive/1/427976/100/0/threaded	Broken Link Third Party Advisory VDB Entry
http://www.securityfocus.com/bid/14297	Broken Link Third Party Advisory VDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9434	Broken Link

History

No history.

MITRE Information

Status: PUBLISHED

Assigner: redhat

Published: 2005-07-26T04:00:00

Updated: 2018-10-19T14:57:01

Reserved: 2005-06-08T00:00:00

Link: CVE-2005-1920

JSON object: View

NVD Information

Status : Analyzed

Published: 2005-07-26T04:00:00.000

Modified: 2024-01-25T21:11:47.290

Link: CVE-2005-1920

JSON object: View

Redhat Information

No data.

CWE

CWE-281

{"containers": {"cna": {"affected": [{"product": "n/a", "vendor": "n/a", "versions": [{"status": "affected", "version": "n/a"}]}], "datePublic": "2005-07-18T00:00:00", "descriptions": [{"lang": "en", "value": "The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information."}], "problemTypes": [{"descriptions": [{"description": "n/a", "lang": "en", "type": "text"}]}], "providerMetadata": {"dateUpdated": "2018-10-19T14:57:01", "orgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "shortName": "redhat"}, "references": [{"name": "SUSE-SR:2005:018", "tags": ["vendor-advisory", "x_refsource_SUSE"], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"}, {"name": "14297", "tags": ["vdb-entry", "x_refsource_BID"], "url": "http://www.securityfocus.com/bid/14297"}, {"name": "oval:org.mitre.oval:def:9434", "tags": ["vdb-entry", "signature", "x_refsource_OVAL"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9434"}, {"name": "DSA-804", "tags": ["vendor-advisory", "x_refsource_DEBIAN"], "url": "http://www.debian.org/security/2005/dsa-804"}, {"name": "1014512", "tags": ["vdb-entry", "x_refsource_SECTRACK"], "url": "http://securitytracker.com/id?1014512"}, {"name": "FLSA:178606", "tags": ["vendor-advisory", "x_refsource_FEDORA"], "url": "http://www.securityfocus.com/archive/1/427976/100/0/threaded"}, {"name": "20050718 [KDE Security Advisory]: Kate backup file permission leak", "tags": ["mailing-list", "x_refsource_BUGTRAQ"], "url": "http://marc.info/?l=bugtraq&m=112171434023679&w=2"}, {"tags": ["x_refsource_CONFIRM"], "url": "http://www.kde.org/info/security/advisory-20050718-1.txt"}, {"name": "GLSA-200611-21", "tags": ["vendor-advisory", "x_refsource_GENTOO"], "url": "http://security.gentoo.org/glsa/glsa-200611-21.xml"}, {"name": "16099", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/16099"}, {"name": "23099", "tags": ["third-party-advisory", "x_refsource_SECUNIA"], "url": "http://secunia.com/advisories/23099"}, {"name": "RHSA-2005:612", "tags": ["vendor-advisory", "x_refsource_REDHAT"], "url": "http://www.redhat.com/support/errata/RHSA-2005-612.html"}]}}, "cveMetadata": {"assignerOrgId": "53f830b8-0a3f-465b-8143-3b8a9948e749", "assignerShortName": "redhat", "cveId": "CVE-2005-1920", "datePublished": "2005-07-26T04:00:00", "dateReserved": "2005-06-08T00:00:00", "dateUpdated": "2018-10-19T14:57:01", "state": "PUBLISHED"}, "dataType": "CVE_RECORD", "dataVersion": "5.0"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:kde:kde:*:*:*:*:*:*:*:*", "matchCriteriaId": "A8FBCB14-BB97-4340-B5A5-5759A7D417DC", "versionEndIncluding": "3.4.0", "versionStartIncluding": "3.2", "vulnerable": true}], "negate": false, "operator": "OR"}]}, {"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:o:debian:debian_linux:3.1:*:*:*:*:*:*:*", "matchCriteriaId": "A2E0C1F8-31F5-4F61-9DF7-E49B43D3C873", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "descriptions": [{"lang": "en", "value": "The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information."}, {"lang": "es", "value": "Las aplicaciones Kate y Kwrite en KDE 3.2.x hasta la 3.4.0 no fijan adecuadamente los permisos en los ficheros de backup, lo que podr\u00eda permitir que usuarios locales, y posiblemente tambi\u00e9n remotos, obtengan informaci\u00f3n confidencial."}], "id": "CVE-2005-1920", "lastModified": "2024-01-25T21:11:47.290", "metrics": {"cvssMetricV2": [{"acInsufInfo": false, "baseSeverity": "MEDIUM", "cvssData": {"accessComplexity": "LOW", "accessVector": "NETWORK", "authentication": "NONE", "availabilityImpact": "NONE", "baseScore": 5.0, "confidentialityImpact": "PARTIAL", "integrityImpact": "NONE", "vectorString": "AV:N/AC:L/Au:N/C:P/I:N/A:N", "version": "2.0"}, "exploitabilityScore": 10.0, "impactScore": 2.9, "obtainAllPrivilege": false, "obtainOtherPrivilege": false, "obtainUserPrivilege": false, "source": "nvd@nist.gov", "type": "Primary", "userInteractionRequired": false}], "cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2005-07-26T04:00:00.000", "references": [{"source": "secalert@redhat.com", "tags": ["Mailing List"], "url": "http://marc.info/?l=bugtraq&m=112171434023679&w=2"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/16099"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://secunia.com/advisories/23099"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://security.gentoo.org/glsa/glsa-200611-21.xml"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://securitytracker.com/id?1014512"}, {"source": "secalert@redhat.com", "tags": ["Third Party Advisory"], "url": "http://www.debian.org/security/2005/dsa-804"}, {"source": "secalert@redhat.com", "tags": ["Patch", "Vendor Advisory"], "url": "http://www.kde.org/info/security/advisory-20050718-1.txt"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.novell.com/linux/security/advisories/2005_18_sr.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "http://www.redhat.com/support/errata/RHSA-2005-612.html"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/archive/1/427976/100/0/threaded"}, {"source": "secalert@redhat.com", "tags": ["Broken Link", "Third Party Advisory", "VDB Entry"], "url": "http://www.securityfocus.com/bid/14297"}, {"source": "secalert@redhat.com", "tags": ["Broken Link"], "url": "https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9434"}], "sourceIdentifier": "secalert@redhat.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-281"}], "source": "nvd@nist.gov", "type": "Primary"}]}