Ruby on Rails exploit builds IRC bot

By on
Ruby on Rails exploit builds IRC bot

An exploit has surfaced in the wild that is building a botnet of Internet Relay Chat servers using a five-month old vulnerability in Ruby on Rails.

Two patches were issued that closed off "extremely critical" parameter parsing flaws present in all versions of Ruby on Rails which could allows attackers to bypass authentication and execute arbitrary code in Rails apps.

"It's pretty surprising that it's taken this long to surface in the wild, but less surprising that people are still running vulnerable installations of Rails," security consultant Jeff Jarmoc said in a blog. "It also appears to be affecting some web hosts."

The exploits are being launched for IP addresses that trace to Germany, Russia and Ukraine.

"Functionality is limited, but includes the ability to download and execute files as commanded, as well as changing servers," Jarmoc wrote.

The "pretty straightforward skiddy exploit" built an IRC bot that connected to a known malicious host and joined the #rails channel without the use of a channel key.

It executed only once on an infected host.

"There’s no authentication performed, so an enterprising individual could hijack these bots fairly easily by joining the IRC server and issuing the appropriate commands."

- With Darren Pauli

This article originally appeared at scmagazineus.com

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © SC Magazine, US edition
Tags:
exploits patching ruby on rails security vulnerabilities

Partner Content

Kaseya Dattocon APAC 2024 is Back
Kaseya Dattocon APAC 2024 is Back
Ingram Micro Ushers in the Age of Ultra
Ingram Micro Ushers in the Age of Ultra
Tech For Good program gives purpose and strong business outcomes
Tech For Good program gives purpose and strong business outcomes
Channel can help lead customers to boosting workplace wellbeing with professional headsets
Channel can help lead customers to boosting workplace wellbeing with professional headsets
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program
How NinjaOne Is Supporting The Channel As It Builds An Innovative Global Partner Program

Sponsored Whitepapers

Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
Stop Fraud Before It Starts: A Must-Read Guide for Safer Customer Communications
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
The Cybersecurity Playbook for Partners in Asia Pacific and Japan
Pulseway Essential Eight Framework
Pulseway Essential Eight Framework
7 Best Practices For Implementing Human Risk Management
7 Best Practices For Implementing Human Risk Management
2025 State of Machine Identity Security Report
2025 State of Machine Identity Security Report

Events

techpartner.news MSP index - Brisbane
techpartner.news MSP index - Brisbane
techpartner.news Channel Leader List / Golf day
techpartner.news Channel Leader List / Golf day
techpartner.news Pipeline Conference 2025
techpartner.news Pipeline Conference 2025
Integrate Expo 2025
Integrate Expo 2025
Security Exhibition & Conference 2025
Security Exhibition & Conference 2025

Most read articles

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services

AI ambition: Nick Beaugeard looks to harness AI agents to provide tech services
Vic gov to spend $100m on cyber security

Vic gov to spend $100m on cyber security
MSPs pressed to review ransomware response as new reporting rules commence

MSPs pressed to review ransomware response as new reporting rules commence
Tech Research Asia to present Australian IT M&A report

Tech Research Asia to present Australian IT M&A report

Log in

Email:
Password:
  |  Forgot your password?
By using our site you accept that we use and share cookies and similar technologies to perform analytics and provide content and ads tailored to your interests. By continuing to use our site, you consent to this. Please see our Cookie Policy for more information.