FreeBSD VuXML: Documenting security issues in FreeBSD and the FreeBSD Ports Collection

kdebase -- Kate backup file permission leak

Affected packages
3.2.0 <= kdebase < 3.4.1
9.3 <= linux_base-suse < 9.3_2


VuXML ID 2e116ba5-f7c3-11d9-928e-000b5d7e6dd5
Discovery 2005-07-18
Entry 2005-07-18
Modified 2005-10-09

A KDE Security Advisory explains:

Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set.

Depending on the system security settings, backup files might be readable by other users. Kate / Kwrite are network transparent applications and therefore this vulnerability might not be restricted to local users.


CVE Name CVE-2005-1920