Local File Write Vulnerability in SUSE Zypper Affected by Environment Variable Manipulation
CVE-2012-0420
Currently unrated
What is CVE-2012-0420?
The zypp-refresh-wrapper component in SUSE Zypper prior to version 1.3.20 and versions 1.6.x prior to 1.6.166 is vulnerable to a local file write issue. This vulnerability is exploited through manipulation of the ZYPP_LOCKFILE_ROOT environment variable, allowing local users to create files in arbitrary directories. The implications can lead to unintended changes in the file system, potentially affecting the integrity and security of the system.