### Key Information #### Upstream Information - **CVE ID**: CVE-2012-0427 - **Description**: yast2-add-on-creator in SUSE inst-source-utils version 2008.11.26 (prior to 2008.11.26-0.9.1 and 2012.9.13-0.8.1) allows local users to gain privileges via crafted filenames or directory names. #### SUSE Information - **Overall Status**: Resolved - **Severity**: Important #### CVSS v2 Score - **Authentication**: None - **Confidentiality Impact**: Complete - **Integrity Impact**: Complete - **Availability Impact**: Complete #### SUSE Bugzilla Entry - 604730 [RESOLVED / FIXED] #### SUSE Security Announcement - **Announcement ID**: SUSE-SU-2012:1529-1 - **Release Date**: November 22, 2012, 13:08:27 MST #### Released Package List | Product(s) | Fixed Package Version(s) | Reference | |------------|------------------------|-----------| | SUSE Linux Enterprise Desktop 11 SP2 | inst-source-utils >= 2012.9.13-0.8.1 | Patchnames: sdksp2-inst-source-utils sislp2-inst-source-utils | | SUSE Linux Enterprise Server 11 SP2SUSE Linux Enterprise Server for SAP Applications 11 SP2 | inst-source-utils >= 2012.9.13-0.8.1 | Patchnames: sdksp2-inst-source-utils sislp2-inst-source-utils | | SUSE Linux Enterprise Software Development Kit 11 SP2 | inst-source-utils >= 2012.9.13-0.8.1 | Patchnames: sdksp2-inst-source-utils | #### Issue Status by Product and Package - The table lists the status of affected and released products and packages. #### SUSE Timeline - **CVE Page Creation Date**: June 28, 2013, 08:45:55 - **CVE Page Last Modified Date**: October 6, 2025, 18:17:43