The SuSEconfig.javarunt script contains a flaw that may allow a malicious local user to overwrite arbitrary files on the system. The issue is triggered when the script creates insecure symlinks in /tmp, which may be modified by the attacker to point to the files they wish to overwrite. It is possible that the flaw may allow overwriting of critical system files, resulting in a loss of integrity and/or a root compromise (if, for example, the attacker overwrote /etc/master.passwd).
Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround(s):
Replace all instances of /tmp/.java_wrapper in the script with /root/.java_wrapper.$$.