CVE-2012-0420

Published: Dec 2, 2013Modified: Apr 29, 2026

4.4

Vector

AV:L/AC:M/Au:N/C:P/I:P/A:P

Exploitability: 3.4 / Impact: 6.4

Source: NVD

Description

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.

Affected (4)

Products: Opensuse: Zypper

Opensuse

1 product

Zypper

Configuration A

4 vulnerable

Vulnerable Software	Affected Versions
Opensuse Zypper	Up to 1.2.8
Opensuse Zypper	Version 0.11.6
Opensuse Zypper	Version 1.0.2
Opensuse Zypper	Version 1.6.16

References (4)

https://bugzilla.novell.com/show_bug.cgi?id=770630

Source: cve@mitre.org

https://support.novell.com/security/cve/CVE-2012-0420.html

Source: cve@mitre.org

Vendor Advisory

https://bugzilla.novell.com/show_bug.cgi?id=770630

Source: af854a3a-2127-422b-91ae-364da2661108

https://support.novell.com/security/cve/CVE-2012-0420.html

Source: af854a3a-2127-422b-91ae-364da2661108

Vendor Advisory

Timeline

No history available yet.