User: Password:
Subscribe / Log in / New account

kdelibs: kate backup file permission leak

Package(s):kdelibs kate kwrite CVE #(s):CAN-2005-1920
Created:July 19, 2005 Updated:September 21, 2010
Description: Kate / Kwrite, as shipped with KDE 3.2.x up to including 3.4.0, creates a file backup before saving a modified file. These backup files are created with default permissions, even if the original file had more strict permissions set. See this advisory for more information.
Gentoo 200611-21 kile 2006-11-27
Debian DSA-804-2 kdelibs 2005-11-10
Debian DSA-804-1 kdelibs 2005-09-08
Red Hat RHSA-2005:612-01 kdelibs 2005-07-27
Ubuntu USN-150-1 kdelibs 2005-07-21
Mandriva MDKSA-2005:122 kdelibs 2005-07-20
Fedora FEDORA-2005-594 kdelibs 2005-07-19

(Log in to post comments)

kdelibs: kate backup file permission leak

Posted Sep 21, 2010 17:59 UTC (Tue) by corymartinez (guest, #70247) [Link]

Hmm the idea that someone else can read your files by parsing the backup is no that great. Although this can be used perfectly if you are storing the files in a secure location anyway, which is what many people like to do. I've been looking at some paid alternatives such as online storage and Syncing. There are free services among them too, but I won't trust a company with my files if they aren't charging me money for the service. That only means they expect to get their money in other ways which I most probably won't like.

Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds