A critical vulnerability in the Web application development framework Ruby on Rails is being exploited by hackers to compromise servers and build a botnet.

The vulnerability, known as CVE-2013-0156, was the subject of a patch released by the Ruby on Rails development team several months ago, according to Jeff Jamoc, a security consultant with the security research company Matasano Security.

“This vulnerability was the subject of much discussion, and an emergency RoR advisory back in January,” he wrote on his blog. “It’s pretty surprising that it’s taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails.”

The exploit, he said, adds a scheduled task on Linux machines that executes a series of commands.

The commands download a malicious C source file from a remote server. The resulting malware connects to an Internet Relay Chat (IRC) server and joins a channel, where it receives commands from the attackers.

Jamoc described the exploit as a “pretty straightforward skiddy exploit.”

“Functionality is limited, but it includes the ability to download and execute files as commanded, as well as changing servers,” he said. “There’s no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands.”
