CVE-2005-1920

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

Published: Jul 26, 2005
Updated: May 9, 2024
CVE: CVE-2005-1920
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:P/I:N/A:N

CWEs:

CWE-281

Affected Software
References

Software	From	Fixed in
kde / kde	3.2	3.4.0.x
debian / debian_linux	3.1	3.1.x

http://marc.info/?l=bugtraq&m=112171434023679&w=2
http://secunia.com/advisories/16099
http://secunia.com/advisories/23099
http://security.gentoo.org/glsa/glsa-200611-21.xml
http://securitytracker.com/id?1014512
http://www.debian.org/security/2005/dsa-804
http://www.kde.org/info/security/advisory-20050718-1.txt
http://www.novell.com/linux/security/advisories/2005_18_sr.html
http://www.redhat.com/support/errata/RHSA-2005-612.html
http://www.securityfocus.com/archive/1/427976/100/0/threaded
http://www.securityfocus.com/bid/14297
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9434

Vulnerability Database

289,599

CVE-2005-1920