Arbitrary File Creation Vulnerability in zypp-refresh-wrapper

Arbitrary File Creation Vulnerability in zypp-refresh-wrapper

CVE-2012-0420 · MEDIUM Severity

AV:L/AC:M/AU:N/C:P/I:P/A:P

zypp-refresh-wrapper in SUSE Zypper before 1.3.20 and 1.6.x before 1.6.166 allows local users to create files in arbitrary directories, or possibly have unspecified other impact, via a pathname in the ZYPP_LOCKFILE_ROOT environment variable.

Learn more about our Cis Benchmark Audit For Suse Linux Enterprise Server.