CVE-2005-1920 — HIGH (7.5) — White Hats Nepal

Q: How severe is CVE-2005-1920?

CVE-2005-1920 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Q: Is there a patch for CVE-2005-1920?

Check the references section above for vendor advisories and patch information. Affected products include: Kde Kde, Debian Debian Linux.

Vulnerability Description

The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and possibly remote attackers to obtain sensitive information.

CVSS Score

7.5

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality

HIGH

Integrity

NONE

Availability

NONE

Affected Products

Vendor	Product	Versions
Kde	Kde	>= 3.2, <= 3.4.0
Debian	Debian Linux	3.1

Related Weaknesses (CWE)

CWE-281

References

http://marc.info/?l=bugtraq&m=112171434023679&w=2Mailing List
http://secunia.com/advisories/16099Broken Link
http://secunia.com/advisories/23099Broken Link
http://security.gentoo.org/glsa/glsa-200611-21.xmlThird Party Advisory
http://securitytracker.com/id?1014512Broken LinkThird Party AdvisoryVDB Entry
http://www.debian.org/security/2005/dsa-804Third Party Advisory
http://www.kde.org/info/security/advisory-20050718-1.txtPatchVendor Advisory
http://www.novell.com/linux/security/advisories/2005_18_sr.htmlBroken Link
http://www.redhat.com/support/errata/RHSA-2005-612.htmlBroken Link
http://www.securityfocus.com/archive/1/427976/100/0/threadedBroken LinkThird Party AdvisoryVDB Entry
http://www.securityfocus.com/bid/14297Broken LinkThird Party AdvisoryVDB Entry
https://oval.cisecurity.org/repository/search/definition/oval%3Aorg.mitre.oval%3Broken Link
http://marc.info/?l=bugtraq&m=112171434023679&w=2Mailing List
http://secunia.com/advisories/16099Broken Link
http://secunia.com/advisories/23099Broken Link

FAQ

What is CVE-2005-1920?

CVE-2005-1920 is a vulnerability with a CVSS score of 7.5 (HIGH). The (1) Kate and (2) Kwrite applications in KDE KDE 3.2.x through 3.4.0 do not properly set the same permissions on the backup file as were set on the original file, which could allow local users and ...

How severe is CVE-2005-1920?

CVE-2005-1920 has been rated HIGH with a CVSS base score of 7.5/10. Review the CVSS metrics above for detailed severity breakdown.

Is there a patch for CVE-2005-1920?

Check the references section above for vendor advisories and patch information. Affected products include: Kde Kde, Debian Debian Linux.