OSVDB ID: 18063

Title: KDE Kate/KWrite Backup File Insecure Permission Information Disclosure

Dates

Disclosure: Apr 06, 2005
Discovery: Unknown
Exploit: Apr 06, 2005
Solution: Unknown

Description

Kate/KWrite create a backup of a file before saving changes to it. These backup files are created with default permissions (as set by umask), even if the original file had stricter permissions set. Depending on system setup, the relaxed permissions may make the backup file readable by users who do not have read permission on the original file. Kate/KWrite are network transparent, so this disclosure might not be limited to local users.
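The behaviour described above, next to a mode-preserving backup and an audit for existing exposed backups. This is an added example, not KDE code or the KDE patch; the `~` suffix and all function names are assumptions made for illustration.

```python
import os
import stat

BACKUP_SUFFIX = "~"  # assumption: the page does not name the backup suffix


def backup_default_perms(path):
    """Behaviour the description reports: the mode comes from umask only."""
    dst = path + BACKUP_SUFFIX
    with open(path, "rb") as src, open(dst, "wb") as out:  # 0666 & ~umask
        out.write(src.read())
    return dst


def backup_preserving_mode(path):
    """Hardened form: the backup never grants more than the original."""
    dst = path + BACKUP_SUFFIX
    mode = stat.S_IMODE(os.stat(path).st_mode)
    flags = os.O_WRONLY | os.O_CREAT | os.O_TRUNC | os.O_NOFOLLOW
    fd = os.open(dst, flags, 0o600)  # owner-only until the real mode is set
    with os.fdopen(fd, "wb") as out:
        os.fchmod(out.fileno(), mode)  # apply the mode before writing data
        with open(path, "rb") as src:
            out.write(src.read())
    return dst


def find_exposed_backups(root):
    """Return (backup, extra_bits) where group/other bits exceed the original's."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith(BACKUP_SUFFIX):
                continue
            bak = os.path.join(dirpath, name)
            orig = bak[: -len(BACKUP_SUFFIX)]
            if os.path.islink(bak) or not os.path.isfile(orig):
                continue
            bak_mode = stat.S_IMODE(os.lstat(bak).st_mode)
            orig_mode = stat.S_IMODE(os.stat(orig).st_mode)
            extra = bak_mode & ~orig_mode & 0o077  # bits only the backup grants
            if extra:
                hits.append((bak, extra))
    return sorted(hits)
```

Backups that `find_exposed_backups` reports can be tightened with `chmod` to the original's mode or removed once the upgrade is in place.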

Classification

Location: Local Access Required
Attack Type: Information Disclosure, Race Condition
Impact: Loss of Confidentiality
Exploit: Exploit Available
Disclosure: OSVDB Verified

Solution

Upgrade to KDE version 3.4.1 or higher, as it has been reported to fix this vulnerability. Code patches are provided by KDE for all vulnerable versions. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

Products

KDE Project

K Desktop Environment

3.2.x
3.3.x
3.4.0

References

Credit

  • bjoern [at] cs.tu-berlin.de


Direct URL: http://osvdb.org/36218