CVE-2005-1920
First published: Tue Jul 26 2005(Updated: )
The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.
Credit: secalert@redhat.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| KDE KDE | =3.3.2 | |
| KDE KDE | =3.3.1 | |
| KDE KDE | =3.2.2 | |
| KDE KDE | =3.2.1 | |
| KDE KDE | =3.4.0 | |
| KDE KDE | =3.4 | |
| KDE KDE | =3.3 | |
| KDE KDE | =3.2 | |
| KDE KDE | =3.2.3 | |
| KDE KDE | >=3.2<=3.4.0 | |
| Debian GNU/Linux | =3.1 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://www.kde.org/info/security/advisory-20050718-1.txt
- http://www.debian.org/security/2005/dsa-804
- http://www.securityfocus.com/bid/14297
- http://securitytracker.com/id?1014512
- http://secunia.com/advisories/16099
- http://www.redhat.com/support/errata/RHSA-2005-612.html
- http://www.novell.com/linux/security/advisories/2005_18_sr.html
- http://security.gentoo.org/glsa/glsa-200611-21.xml
- http://secunia.com/advisories/23099
- http://marc.info/?l=bugtraq&m=112171434023679&w=2
- https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Adef%3A9434
- http://www.securityfocus.com/archive/1/427976/100/0/threaded
Frequently Asked Questions
What is the severity of CVE-2005-1920?
CVE-2005-1920 is considered a moderate risk vulnerability due to improper permissions on backup files.
How can I fix CVE-2005-1920?
To fix CVE-2005-1920, update your KDE applications to a version later than 3.4.0 that addresses the permission issues.
What applications are affected by CVE-2005-1920?
CVE-2005-1920 affects the Kate and Kwrite applications in KDE versions 3.2.x through 3.4.0.
Can CVE-2005-1920 allow data exposure?
Yes, CVE-2005-1920 could allow local users and possibly remote attackers to obtain sensitive information from backup files.
What distributions are impacted by CVE-2005-1920?
CVE-2005-1920 impacts various distributions including KDE versions found in Debian GNU/Linux 3.1.
- collector/nvd-historical
- collector/nvd-index
- agent/references
- agent/type
- agent/first-publish-date
- agent/severity
- agent/remedy
- agent/weakness
- agent/description
- collector/mitre-cve
- source/MITRE
- agent/last-modified-date
- agent/event
- agent/source
- agent/tags
- agent/softwarecombine
- agent/author
- collector/nvd-api
- source/NVD
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/kde
- canonical/kde kde
- version/kde kde/3.3.2
- version/kde kde/3.3.1
- version/kde kde/3.2.2
- version/kde kde/3.2.1
- version/kde kde/3.4.0
- version/kde kde/3.4
- version/kde kde/3.3
- version/kde kde/3.2
- version/kde kde/3.2.3
- vendor/debian
- canonical/debian gnu/linux
- version/debian gnu/linux/3.1