18063 : KDE Kate/KWrite Backup File Insecure Permission Information Disclosure
Printer | http://osvdb.org/18063 | Email This | Edit Vulnerability

Views This Week	Views All Time	Added to OSVDB	Last Modified	Modified (since 2008)	Percent Complete
1	199	over 6 years ago	over 3 years ago	0 times	90%

Timeline

Disclosure Date	Exploit Publish Date
2005-04-06	2005-04-06

Keywords

umask

Description

Kate/KWrite create a file backup before saving a modified file. These backup files are created with default permissions (as set by umask), even if the original file had more strict permissions set. Depending on system setup, relaxed permissions may make the backup file readable to users who would not have read permission to the original file. Kate/KWrite are network transparent, therefore this disclosure might not be limited to local users.

Classification

Location: Local Access Required
Attack Type: Information Disclosure, Race Condition
Impact: Loss of Confidentiality
Exploit: Exploit Public
Disclosure: OSVDB Verified, Vendor Verified

Solution

Upgrade to KDE version 3.4.1 or higher, as it has been reported to fix this vulnerability. Code patches are provided by KDE for all vulnerable versions.
Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

Products

KDE Project	K Desktop Environment	3.2.x
		3.3.x
		3.4.0

References

Security Tracker: 1014512
Secunia Advisory ID: 16099 16138 16160 16247 16745
CVE ID: 2005-1920 (see also: NVD)
Mail List Post: http://archives.neohapsis.com/archives/bugtraq/2005-07/0276.html
Other Advisory URL: http://frontal1.mandriva.com/security/advisories?name=MDKSA-2005:122
http://www.debian.org/security/2005/dsa-804
http://www.ubuntulinux.org/support/documentation/usn/usn-150-1
Vendor Specific Advisory URL: http://www.kde.org/info/security/advisory-20050718-1.txt
Vendor Specific News/Changelog Entry: https://bugs.kde.org/show_bug.cgi?id=103331
RedHat RHSA: RHSA-2005:612
Keyword: umask

Tools & Filters

	19230 19265 19332 19338 19611 20548 23729

Manual Testing Notes

Credit

- bjoerncs.tu-berlin.de -

CVSSv2 Score

CVSSv2 Base Score = 5.0
Source: nvd.nist.gov | Generated: 2005-07-27 | Disagree?

Blogs

This product uses the Daylife API but is not endorsed or certified by Daylife.

This section lists the latest news and blogs found via the daylife API (and for older items, the technorati API), which mention or otherwise discuss this vulnerability.

None found at this time

Comments

Add Comment Hide Add Comment

Anonymous - 2006/05/18 02:17:46

I still see this problem on Kate 3.4.3, Ubuntu 5.10. It may happened when I played around a month ago with umask and others, as I dont completely understand the whole concept of having users in one group and make all files rw by all members of this group. At least now as executable marked files are cleared after saving the file, which is not a security problem but a nuisance.

The database information may change without any notice. Use of the information constitutes acceptance for use in an AS IS condition, and there are NO warranties, implied or otherwise, with regard to this information or its use. Any use of this information is at the user's risk. In no event shall the copyright holder or distributor (OSVDB or OSF) be held liable for any damages whatsoever arising out of or in connection with the use or spread of this information.