Local File Write Vulnerability in SUSE Zypper Affected by Environment Variable Manipulation
CVE-2012-0420

Currently unrated

Key Information:

Vendor: Opensuse
Status: Zypper
Vendor: CVE Published:; 2 December 2013

What is CVE-2012-0420?

The zypp-refresh-wrapper component in SUSE Zypper prior to version 1.3.20 and versions 1.6.x prior to 1.6.166 is vulnerable to a local file write issue. This vulnerability is exploited through manipulation of the ZYPP_LOCKFILE_ROOT environment variable, allowing local users to create files in arbitrary directories. The implications can lead to unintended changes in the file system, potentially affecting the integrity and security of the system.

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.

Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.

Deploy the Patch

References

https://bugzilla.novell.com/show_bug.cgi?id=770630

x_refsource_CONFIRM

https://support.novell.com/security/cve/CVE-2012-0420.html

x_refsource_CONFIRM

Timeline

Vulnerability published
Dec 2, 2013
Vulnerability Reserved
Jan 9, 2012

JSON

Opensuse

What is CVE-2012-0420?

Human OS v1.0: Ageing Is an Unpatched Zero-Day Vulnerability.

References

Timeline

Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.