
Derailed: Hackers Exploit Months Old Rails Flaw

by Jeff Martin on May 30, 2013. Estimated reading time: 1 minute

Users and administrators of Ruby on Rails sites are finding themselves targeted by malware that exploits a Rails vulnerability publicized in January 2013. Once exploited, an unpatched system is directed to download code from a remote machine; that code makes the system compile an Internet Relay Chat (IRC) client, join a specific channel and await further instructions. These attacks are a sharp reminder of the importance of prompt patch deployment, as lax patching policies are now being exposed.

The original flaw, announced in CVE-2013-0156, lies in the Ruby on Rails code that processes request parameters. As Aaron Patterson noted:

There are multiple weaknesses in the parameter parsing code for Ruby on Rails which allow attackers to bypass authentication systems, inject arbitrary SQL, inject and execute arbitrary code, or perform a DoS attack on a Rails application.


Alongside this announcement, Patterson's description of the flaw pointed to the patches that were available for multiple Rails versions. Yet 4 months later many sites remain unpatched and vulnerable, and affected users have voiced their frustration as their systems become infected. Security blogger Jeff Jarmoc has provided a detailed walkthrough of the current exploit, including the source code of the program an infected system runs to receive its instructions over IRC.

Users who want to check whether their server is vulnerable can try Tinfoil Security's Railscheck. The Code Climate blog has explained how the original flaw worked and provides a proof of concept for those seeking more detail.
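The weakness Patterson describes is a parameter parser that trusts a type attribute in the request body and hands the value to whatever deserializer that type names. The added example below is not code from the article, from Rails or from any of the tools it links; it is a small stand-alone Ruby illustration of the defensive shape such a parser should have: typed XML parameters are converted only through an explicit allow list of plain-value conversions, and any other type attribute is rejected outright rather than guessed at. The sample request bodies and all function names are constructed for this example.

```ruby
require "rexml/document"
require "date"

# Allow list of parameter types a hardened typed-XML parser accepts.  Each
# conversion yields a plain Ruby value and never instantiates arbitrary
# objects.  Deserializer-backed types (for example "yaml" or "symbol") are
# deliberately absent: honouring them is the class of weakness the article
# describes.
SAFE_PARAM_TYPES = {
  "string"  => ->(s) { s },
  "integer" => ->(s) { Integer(s, 10) },
  "float"   => ->(s) { Float(s) },
  "boolean" => ->(s) { %w[true 1].include?(s.strip) },
  "date"    => ->(s) { Date.parse(s) },
}.freeze

# Raised when a request body names a type outside the allow list.
class UnsafeParamTypeError < StandardError; end

# Converts one XML element into a Ruby value, recursing into nested
# elements.  An unknown type attribute aborts the whole parse.
def convert_param_element(el)
  children = el.elements.to_a
  if children.any?
    return children.each_with_object({}) { |c, h| h[c.name] = convert_param_element(c) }
  end

  text = el.text.to_s
  type = el.attributes["type"]
  return text if type.nil?

  converter = SAFE_PARAM_TYPES[type]
  unless converter
    raise UnsafeParamTypeError, "rejected parameter type #{type.inspect} for <#{el.name}>"
  end
  converter.call(text)
end

# Parses an XML request body into a params Hash using only allow-listed
# conversions.  This is a hypothetical parser written for the example.
def parse_typed_xml_params(xml)
  root = REXML::Document.new(xml).root
  raise ArgumentError, "empty document" unless root
  { root.name => convert_param_element(root) }
end

# Inspection helper for a request-log review or a front-end filter: lists the
# type attribute values in a body that the parser above would refuse.
def disallowed_param_types(xml)
  doc = REXML::Document.new(xml)
  REXML::XPath.match(doc, "//*[@type]")
              .map { |el| el.attributes["type"] }
              .reject { |t| SAFE_PARAM_TYPES.key?(t) }
              .uniq
end

# Constructed sample bodies: a benign request and one naming a type that
# would reach a deserializer in a permissive parser.
SAMPLE_OK = <<~XML
  <user>
    <name>alice</name>
    <age type="integer">34</age>
    <admin type="boolean">false</admin>
  </user>
XML

SAMPLE_BAD = <<~XML
  <user>
    <name type="yaml">--- [1, 2]</name>
  </user>
XML

if $PROGRAM_NAME == __FILE__
  p parse_typed_xml_params(SAMPLE_OK)
  p disallowed_param_types(SAMPLE_BAD)
  begin
    parse_typed_xml_params(SAMPLE_BAD)
  rescue UnsafeParamTypeError => e
    puts "rejected: #{e.message}"
  end
end
```

The design point is that the parser never asks "which deserializer handles this type?"; it asks "is this type one of the few plain conversions we allow?" and fails closed otherwise. `disallowed_param_types` is the same allow list turned into a detection check, useful for scanning captured request bodies for the kind of input the article's attack relies on.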
