Ruby On Rails Exploit Used To Build IRC Botnet
Trailrunner7 writes "Developers who have not updated their Ruby on Rails installations with a five-month-old security patch would do well to secure the Web development framework now. Exploit code has surfaced for CVE-2013-0156 that is being used to build a botnet of compromised servers. Exploit code has been publicly available since the vulnerability was disclosed in January on GitHub and Metasploit, yet the vulnerability had not been exploited on a large scale until now, said security researcher Jeff Jarmoc."
One reason your web server firewall might want to block IRC connections to arbitrary hosts.
(1) Rails and Ruby were virtually unheard of until 2007-2008 and definitely were not in mainstream use until that time.
(2) This vulnerability has nothing to do with a "cryptographic key"; it is related to the fact that the default YAML parser allows serializing/deserializing and executing arbitrary Ruby code (including objects) and ActiveSupport didn't properly sanitize the input.
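
The deserialization issue described in comment (2), seen from the defensive side, as an added example (not code from the post, from Rails, or from the researcher): Psych's safe loader refuses YAML that tries to build arbitrary objects or symbols, and a heuristic check flags XML request bodies carrying `type="yaml"` or `type="symbol"`, the typed-parameter path described in the public advisory for CVE-2013-0156. `ExampleGadget`, the function names and all sample inputs are constructed for illustration.

```ruby
require "yaml"

# Constructed sample documents (not taken from any real exploit).
PLAIN_DOC  = "name: alice\nroles:\n  - admin\n  - dev\n"
TAGGED_DOC = "--- !ruby/object:ExampleGadget\nvalue: 1\n" # hypothetical class name
SYMBOL_DOC = "--- :example_symbol\n"

# Parse untrusted YAML with Psych's safe loader. It builds only plain data
# (strings, numbers, arrays, hashes, booleans, nil) and raises when a tag
# would instantiate another Ruby class or create a symbol.
def parse_untrusted_yaml(text)
  [:ok, YAML.safe_load(text)]
rescue Psych::DisallowedClass => e
  [:rejected, e.message]
rescue Psych::SyntaxError => e
  [:invalid, e.message]
end

# Heuristic for logging or blocking at the edge: report typed-XML attributes
# that ask the parameter parser to treat element content as YAML or a symbol.
RISKY_XML_TYPE = /\btype\s*=\s*(["'])\s*(yaml|symbol)\s*\1/i

def risky_xml_types(body)
  body.scan(RISKY_XML_TYPE).map { |_quote, type| type.downcase }.uniq
end

# Constructed request bodies.
BENIGN_BODY  = '<user><age type="integer">30</age></user>'
FLAGGED_BODY = '<user><prefs type="yaml">--- !ruby/object:ExampleGadget {}</prefs></user>'

if __FILE__ == $PROGRAM_NAME
  [PLAIN_DOC, TAGGED_DOC, SYMBOL_DOC].each { |doc| p parse_untrusted_yaml(doc) }
  [BENIGN_BODY, FLAGGED_BODY].each { |body| p risky_xml_types(body) }
end
```

The regex check is a coarse filter for logs and request inspection; applying the framework's security update remains the actual fix.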