/usr/bin/getweb is vulnerable to "Insecure temporary file creation". [0]
While I don't know if anyone uses the getweb command. The script makes a temporary directory in /tmp called foo2zjs it then may download (depending on user input) one or more gzip and extract them in /tmp/foo2zjs.
However, the script does not check if the folder already exists / the return code of mkdir - so the script could possibly result in the over-writing of files or simply extra junk placed in $random places on the file-system.
/usr/bin/getweb is vulnerable to "Insecure temporary file creation". [0]
While I don't know if anyone uses the getweb command. The script makes a temporary directory in /tmp called foo2zjs it then may download (depending on user input) one or more gzip and extract them in /tmp/foo2zjs.
However, the script does not check if the folder already exists / the return code of mkdir - so the script could possibly result in the over-writing of files or simply extra junk placed in $random places on the file-system.
[0] - http:// cwe.mitre. org/data/ definitions/ 377.html
[1] line 488
"
mkdir -p /tmp/foo2zjs
cd /tmp/foo2zjs
"