Vulnerability Name:

CVE-2012-0427 (CCN-89951)

Assigned: 2012-12-05
Published: 2012-12-05
Updated: 2018-10-30
Summary: yast2-add-on-creator in SUSE inst-source-utils 2008.11.26 before 2008.11.26-0.9.1 and 2012.9.13 before 2012.9.13-0.8.1 allows local users to gain privileges via a crafted (1) file name or (2) directory name.
openSUSE 11.4 is vulnerable per https://bugzilla.novell.com/show_bug.cgi?id=604730
CVSS v3 Severity: 4.0 Medium (CCN CVSS v3.1 Vector: CVSS:3.1/AV:L/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N)
Exploitability Metrics: Attack Vector (AV): Local
Attack Complexity (AC): Low
Privileges Required (PR): None
User Interaction (UI): None
Scope: Scope (S): Unchanged
Impact Metrics: Confidentiality (C): None
Integrity (I): Low
Availability (A): None
CVSS v2 Severity: 7.2 High (CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C)
5.3 Medium (Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): Complete
Integrity (I): Complete
Availability (A): Complete
2.1 Low (CCN CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N)
1.6 Low (CCN Temporal CVSS v2 Vector: AV:L/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C)
Exploitability Metrics: Access Vector (AV): Local
Access Complexity (AC): Low
Authentication (Au): None
Impact Metrics: Confidentiality (C): None
Integrity (I): Partial
Availability (A): None
Vulnerability Type: CWE-264
Vulnerability Consequences: Gain Privileges
References:

Source: MITRE
Type: CNA
CVE-2012-0427

Source: CCN
Type: Novell Web Site
inst-source-utils 6817

Source: CONFIRM
Type: UNKNOWN
http://download.novell.com/Download?buildid=tGCXHQR48E4~

Source: CCN
Type: Bugzilla Bug 604730
yast2-add-on-creator: inst-source-utils: Add-On Creator cannot handle spaces in path properly

Source: CONFIRM
Type: Exploit
https://bugzilla.novell.com/show_bug.cgi?id=604730

Source: CCN
Type: yast2-add-on-creator Web Site
yast2-add-on-creator

Source: XF
Type: UNKNOWN
suse-yast-cve20120427-privilege-escalation(89951)

Source: CCN
Type: Novell Security Web Site
Novell Security

Source: CONFIRM
Type: Vendor Advisory
https://support.novell.com/security/cve/CVE-2012-0427.html

Vulnerable Configuration:
Configuration 1:
  • cpe:/o:opensuse:opensuse:11.4:*:*:*:*:*:*:*

* Denotes that component is vulnerable

Oval Definitions:
Definition ID | Class | Title | Last Modified
oval:org.opensuse.security:def:20120427 | V | CVE-2012-0427 | 2022-05-20
oval:org.opensuse.security:def:33112 | P | Security update for python-numpy (Moderate) (in QA) | 2022-01-17
oval:org.opensuse.security:def:33024 | P | Security update for util-linux (Moderate) | 2021-10-19
oval:org.opensuse.security:def:32967 | P | Security update for systemd (Important) | 2021-07-21
oval:org.opensuse.security:def:33073 | P | Security update for wpa_supplicant (Important) | 2021-02-15
oval:org.opensuse.security:def:28927 | P | Security update for the Linux Kernel (Live Patch 38 for SLE 12 SP2) (Important) | 2021-02-10
oval:org.opensuse.security:def:29030 | P | Security update for MozillaFirefox (Important) | 2020-12-01
oval:org.opensuse.security:def:32724 | P | libpng12-0 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28418 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33856 | P | Security update for inst-source-utils | 2020-12-01
oval:org.opensuse.security:def:29086 | P | Security update for evince (Important) | 2020-12-01
oval:org.opensuse.security:def:28634 | P | Security update for augeas | 2020-12-01
oval:org.opensuse.security:def:32349 | P | Security update for sqlite3 (Important) | 2020-12-01
oval:org.opensuse.security:def:29768 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:28775 | P | Security update for LibVNCServer (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32438 | P | Security update for xen (Important) | 2020-12-01
oval:org.opensuse.security:def:28338 | P | Security update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33135 | P | libMagickCore1-32bit on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28981 | P | Security update for tiff (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32667 | P | fuse on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28350 | P | Recommended update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33817 | P | Security update for glibc (Important) | 2020-12-01
oval:org.opensuse.security:def:29069 | P | Security update for clamav (Moderate) | 2020-12-01
oval:org.opensuse.security:def:32811 | P | xterm on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28549 | P | Security update for Mozilla Firefox | 2020-12-01
oval:org.opensuse.security:def:32348 | P | Security update for sqlite3 (Important) | 2020-12-01
oval:org.opensuse.security:def:29130 | P | Security update for the Linux Kernel (Important) | 2020-12-01
oval:org.opensuse.security:def:28691 | P | Security update for freetype2 | 2020-12-01
oval:org.opensuse.security:def:32360 | P | Security update for strongswan (Moderate) | 2020-12-01
oval:org.opensuse.security:def:29804 | P | Security update for inst-source-utils | 2020-12-01
oval:org.opensuse.security:def:32573 | P | libxml2 on GA media (Moderate) | 2020-12-01
oval:org.opensuse.security:def:28339 | P | Security update for php53 (Moderate) | 2020-12-01
oval:org.opensuse.security:def:33179 | P | libsamplerate on GA media (Moderate) | 2020-12-01
    opensuse opensuse 11.4