CVE-2012-0420
First published: Mon Dec 02 2013(Updated: )
zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.
Credit: cve@mitre.org
| Affected Software | Affected Version | How to fix |
|---|---|---|
| openSUSE zypper | <=1.2.8 | |
| openSUSE zypper | =0.11.6 | |
| openSUSE zypper | =1.0.2 | |
| openSUSE zypper | =1.6.16 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2012-0420?
CVE-2012-0420 has a medium severity rating due to its potential impact on local file system integrity.
How do I fix CVE-2012-0420?
To fix CVE-2012-0420, upgrade to Zypper version 1.3.20 or later to mitigate the vulnerability.
Who is affected by CVE-2012-0420?
Users of SUSE Zypper versions prior to 1.3.20 or in the 1.6.x series before 1.6.166 are affected by CVE-2012-0420.
What type of vulnerability is CVE-2012-0420?
CVE-2012-0420 is a local file creation vulnerability that allows unauthorized file writes in arbitrary directories.
What environments are impacted by CVE-2012-0420?
CVE-2012-0420 impacts environments running affected versions of SUSE Zypper, particularly in local user contexts.
- agent/references
- agent/softwarecombine
- agent/type
- collector/mitre-cve
- source/MITRE
- agent/severity
- agent/author
- agent/last-modified-date
- agent/first-publish-date
- agent/event
- agent/description
- agent/source
- agent/tags
- collector/nvd-index
- agent/software-canonical-lookup-request
- vendor/opensuse
- canonical/opensuse zypper
- version/opensuse zypper/1.2.8
- version/opensuse zypper/0.11.6
- version/opensuse zypper/1.0.2
- version/opensuse zypper/1.6.16