Bugzilla – Bug 96043
VUL-0: CVE-2005-1920: kate backup file permission leak
Last modified: 2021-09-28 07:54:14 UTC
We received the following report via vendor-sec.
This issue is not public yet, please keep any information about it inside SUSE.

I guess you got the patch via kde-packagers already?

Date: Tue, 12 Jul 2005 01:18:37 +0200
From: Dirk Mueller <mueller@kde.org>
To: kde-packager@kde.org
Cc: vendor-sec@lst.de, security@kde.org
Subject: [vendor-sec] [PRENOTIFICATION] Kate backup file permission leak

Hi,

there is an older problem in kwrite/kate that somehow got lost in the handling.. see attached advisory and patch.

--
Dirk//\

KDE Security Advisory: Kate backup file permission leak
Original Release Date: 2005-07-18
URL: http://www.kde.org/info/security/advisory-20050718-1.txt

0. References

        CVE CAN XXXXXXXX
        https://bugs.kde.org/show_bug.cgi?id=103331

1. Systems affected:

        All maintained versions of Kate and Kwrite as shipped with KDE up to including 3.4.0. KDE 3.4.1 and newer is not affected.

2. Overview:

        Kate / Kwrite create a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set.

3. Impact:

        Depending on the system security settings, backup files might be readable by other users. Kate / Kwrite are network transparent applications and therefore this vulnerability might not be restricted to local users.

4. Solution:

        Source code patches have been made available which fix these vulnerabilities. Contact your OS vendor / binary package provider for information about how to obtain updated binary packages.

5. Patch:

        A patch for KDE up to including 3.4.0 is available from ftp://ftp.kde.org/pub/kde/security_patches :

        50f7bc6d8cf4b7aaa65e4e8062fc46c9  post-3.4.0-kdelibs-kate.diff
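Added illustration of the advisory's overview in the report above (not part of the bug report, and not the KDE patch, which is not shown on this page): Python code contrasting a backup written with default permissions with one that inherits the original file's mode, plus an audit that lists backups looser than their originals. The `~` backup suffix, the umask of 022 and all function names are assumptions made for the example.

```python
import os, shutil, stat, tempfile
BACKUP_SUFFIX = "~"  # assumption: the editor's backup suffix; not stated on this page

def mode_of(path):
    return stat.S_IMODE(os.stat(path).st_mode) & 0o777

def naive_backup(path):
    # Behaviour the advisory describes: the copy gets default (umask) permissions.
    return shutil.copyfile(path, path + BACKUP_SUFFIX)

def safe_backup(path):
    # Create the backup owner-only, apply the original's mode, then write the data.
    backup = path + BACKUP_SUFFIX
    if os.path.lexists(backup):
        os.unlink(backup)  # do not reuse an old file or write through a symlink
    fd = os.open(backup, os.O_WRONLY | os.O_CREAT | os.O_EXCL, 0o600)
    with os.fdopen(fd, "wb") as dst, open(path, "rb") as src:
        os.fchmod(dst.fileno(), mode_of(path))
        shutil.copyfileobj(src, dst)
    return backup

def leaky_backups(root):
    # Audit: backups that grant group/other bits their original does not grant.
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(f for f in files if f.endswith(BACKUP_SUFFIX)):
            backup = os.path.join(dirpath, name)
            original = backup[:-len(BACKUP_SUFFIX)]
            if os.path.islink(backup) or not os.path.isfile(original):
                continue
            extra = mode_of(backup) & ~mode_of(original) & 0o077
            if extra:
                findings.append((backup, oct(extra)))
    return findings

def demo():
    # Constructed sample: a 0600 file in a scratch directory, saved under umask 022.
    old_umask = os.umask(0o022)
    try:
        with tempfile.TemporaryDirectory() as d:
            secret = os.path.join(d, "secret.txt")
            with open(secret, "w") as f:
                f.write("constructed sample data\n")
            os.chmod(secret, 0o600)
            naive_mode = mode_of(naive_backup(secret))
            before = leaky_backups(d)
            safe_mode = mode_of(safe_backup(secret))
            return naive_mode, before, safe_mode, leaky_backups(d)
    finally:
        os.umask(old_umask)
```

`demo()` returns the naive backup's mode, the audit findings before the fix, the safe backup's mode and the findings afterwards; `leaky_backups()` can also be pointed at a home directory to check for leftovers from an unpatched editor.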
public according to Dirk
CAN-2005-1920 Are we affected or not?
for i in */suse/i586/kdelibs3.rpm; do echo -n "$i: "; rpm -qp $i; done

8.2-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.1.1-157
9.0-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.1.4-61
9.1-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.50.3
9.1-i686/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.50.3
9.2-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.3.0-34.8
9.2-i686/suse/i586/kdelibs3.rpm: kdelibs3-3.3.0-34.8
9.3-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.4.0-20.6
9.3-i686/suse/i586/kdelibs3.rpm: kdelibs3-3.4.0-20.6
next-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.4.1-5
next-i686/suse/i586/kdelibs3.rpm: kdelibs3-3.4.1-5
sles8-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.0.3-215
sles8-slec-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.1.1-157
sles9-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.50.3
sles9-i686/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.50.3
sles9-jds-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.52
sles9-sld-beta-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.52
sles9-sld-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.50.3
synctreetest/suse/i586/kdelibs3.rpm: kdelibs3-3.2.1-44.50.3
ul1-i386/suse/i586/kdelibs3.rpm: kdelibs3-3.0.3-215

So 9.1-9.3 and sles9 are affected for sure. About KDE 3.1.x and KDE 3.0.x I'm not sure, I think it is unaffected, but I need to find a system to test it first..
KDE 3.0.x not affected..
KDE repository digging showed that the vulnerable code was introduced 2002-12-18, that's after 3.1.x branching, and the backports don't seem to include that. That would indicate that 3.1.x is not affected as well.
STABLE not affected
$ ls -1d /work/src/done/*/kdelibs3
/work/src/done/9.1/kdelibs3
/work/src/done/9.2/kdelibs3
/work/src/done/9.3/kdelibs3
/work/src/done/SLES9/kdelibs3
There is a small problem with sles9-beta, since it has a newer kdelibs3. Will clear that tomorrow.
fixed sles9-beta as well
SM-Tracker-1809
Ok if I remove 8.2/9.0 from kdelibs3.patch.box?
yes, 8.2 and 9.0 are not affected by this bug.
ping.. nothing happening..
it's in the qa queue
updates released
CVE-2005-1920: CVSS v2 Base Score: 5.0 (AV:N/AC:L/Au:N/C:P/I:N/A:N)