Ruby on Rails exploit builds IRC bot

By

Bot open for hijack.

An exploit has surfaced in the wild that is building a botnet of Internet Relay Chat servers using a five-month old vulnerability in Ruby on Rails.

Ruby on Rails exploit builds IRC bot

Two patches were issued that closed off "extremely critical" parameter parsing flaws present in all versions of Ruby on Rails which could allows attackers to bypass authentication and execute arbitrary code in Rails apps.

"It's pretty surprising that it's taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails," security consultant Jeff Jarmoc said in a blog. "It also appears to be affecting some web hosts."

The exploits are being launched for IP addresses that trace to Germany, Russia and Ukraine.

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc wrote.

The "pretty straightforward skiddy exploit" built an IRC bot that connected to a known malicious host and joined the #rails channel without the use of a channel key.

It executed only once on an infected host.

"There’s no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands."

- With Darren Pauli

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
exploitspatchingruby on railssecurityvulnerabilities

Sponsored Whitepapers

See everything. Do more.
See everything. Do more.
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Lindentech Secures Digital Identity with Zero Trust and Microsoft Entra
Diamond IT Delivers GRC Transformation with Microsoft Purview
Diamond IT Delivers GRC Transformation with Microsoft Purview
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Linktech Powers Energy Trader’s Essential Eight Compliance in Just Eight Weeks
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy
Byte Delivers Future-Ready IT: Transforming Endpoint Security and Productivity with a Cloud-First Strategy

Events

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers
Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies
Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound
Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?