| 2011-07-04 15:51:15 |
David |
description |
/usr/bin/getweb is vulnerable to "Insecure temporary file creation". [0]
While I don't know if anyone uses the getweb command. The script makes a temporary directory in /tmp called foo2zjs it then may download (depending on user input) one or more gzip and extract them in /tmp/foo2zjs.
However, the script does not check if the folder already exists / the return code of mkdir - so the script could possibly result in the over-writing of files or simply extra junk placed in $random places on the file-system.
[0] - http://cwe.mitre.org/data/definitions/377.html
[1] line 488
"
mkdir -p /tmp/foo2zjs
cd /tmp/foo2zjs
" |
/usr/bin/getweb is vulnerable to "Insecure temporary file creation". [0]
While I don't know if anyone uses the getweb command. The script makes a temporary directory in /tmp called foo2zjs it then may download (depending on user input) one or more gzip and extract them in /tmp/foo2zjs.
However, the script does not check if the folder already exists / the return code of mkdir - so the script could possibly result in the over-writing of files or simply extra junk placed in $random places on the file-system.
[0] - http://cwe.mitre.org/data/definitions/377.html
[1] line 488
"
mkdir -p /tmp/foo2zjs
cd /tmp/foo2zjs
" |
|
