[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.

Michael Baldry michael at brightbits.co.uk
Fri Jan 11 06:16:10 PST 2013


This vulnerability is now in Metasploit. This basically means any 13-year-old
with a computer can type a command that will drop them to a console on
YOUR server.

https://github.com/rapid7/metasploit-framework/pull/1281

Patch now.


On Wed, Jan 9, 2013 at 3:48 PM, Frederick Cheung <frederick.cheung at gmail.com> wrote:

>
>
> On 9 Jan 2013, at 16:38, Jonathan del Strother <maillist at steelskies.com>
> wrote:
> > and if this is news to you, you probably ought to subscribe to the
> > rubyonrails-security group so you get emailed instantly whenever they
> > announce anything like this.
> >
> > I'm not sure if it's intentional, but it seems like their security
> > issues are always announced late evening in UK time. I always seem to
> > be staying up late fixing stuff as a result...
>
> Aaron Patterson does a lot of those and he's on PST, and Michael Koziarski
> is in New Zealand, so it's probably more about fitting in with their day.
>
> Fred
> > _______________________________________________
> > Chat mailing list
> > Chat at lists.lrug.org
> > http://lists.lrug.org/listinfo.cgi/chat-lrug.org



-- 
Michael



www.brightbits.co.uk

Company number: 08133555
Registered in England
Registered office: 22 Finwell Road, Rainham, Kent, ME8 7PY