Wednesday, June 23, 2021

Ruby on Rails flaw used to create botnet

A critical vulnerability in the Web application development framework Ruby on Rails is being exploited by hackers to compromise servers and build a botnet.

The vulnerability, known as CVE-2013-0156, was the subject of a patch released by the Ruby on Rails development team several months ago, according to Jeff Jamoc, security consultant with security research company Matasano Security.
 

“This vulnerability was the subject of much discussion, and an emergency RoR advisory back in January,” he said in his blog. “It’s pretty surprising that it’s taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails.”

The exploit, he said, adds a scheduled task on Linux machines that executes a series of commands.

The commands download a malicious C source file from a remote server. The malware connects to an Internet Relay Chat (IRC) server and joins a channel where it receives commands from the attackers.

Jamoc described the exploit as a “pretty straightforward skiddy exploit.”

“Functionality is limited, but it includes the ability to download and execute files as commanded, as well as changing servers,” he said. “There’s no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands.”


Read the full text of Jeff Jamoc’s post here

Jim Love, Chief Content Officer, IT World Canada