[Uronode] tmUnblock.cgi

Brian n1uro at n1uro.ampr.org
Sun Oct 5 12:51:59 CDT 2014


On Sun, 2014-10-05 at 17:21 +0200, sp2lob wrote:

> Following Shellshock...
> There is another hole, called  tmUnblock.cgi
> targetted on some Cisco Linksys routers:
>     http://www.scip.ch/en/?vuldb.12362

Thanks for the information!

> More info on Internet, for instance:
> http://security.stackexchange.com/questions/68405/what-is-tmunblock-cgi-and-can-it-be-exploited-by-shellshock-linux-apache-w

According to that link though, it mainly affects cisco linksys routers
where people are running web servers on them, so it shouldn't be overly
impactive - more an annoyance than anything.

> Even targeted at specific hardware, it is poking everywhere...
> Short extract from my apache2.log
> - - [05/Oct/2014:14:03:33 +0200] "GET /tmUnblock.cgi 
> HTTP/1.1" 400 518 "-" "-"

Your system loves those russian IPs eh? :)

73 de Brian Rogers - N1URO
email: <n1uro at n1uro.ampr.org>
Web: http://www.n1uro.net/
Ampr1: http://n1uro.ampr.org/
Ampr2: http://nos.n1uro.ampr.org
Linux Amateur Radio Services
axMail-Fax & URONode
AmprNet coordinator for:
Connecticut, Delaware, Maine,
Maryland, Massachusetts, 
New Hampshire, Pennsylvania, 
Rhode Island, and Vermont.

More information about the Uronode mailing list