[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.

Matthew Rudy Jacobs matthewrudyjacobs at gmail.com
Fri Jan 11 08:21:51 PST 2013


As of yesterday the Metasploit scanner seemed to have a bug.
Maybe that's been fixed now.

Alternatively @beng pointed out you could use the exploit to patch a
client's servers for them.
On 11 Jan, 2013 4:03 PM, "Najaf Ali" <ali at happybearsoftware.com> wrote:

> As I've been telling all past clients/projects, if you don't upgrade your
> web-facing boxes right now, the vulnerability is such that I can go ahead
> and do it for you :P
>
> -Ali
>
>
> On Fri, Jan 11, 2013 at 2:16 PM, Michael Baldry <michael at brightbits.co.uk> wrote:
>
>> This vulnerability is now in Metasploit. This basically means any 13-year-old
>> with a computer can type a command that will drop them to a console on
>> YOUR server.
>>
>> https://github.com/rapid7/metasploit-framework/pull/1281
>>
>> Patch now.
>>
>>
>> On Wed, Jan 9, 2013 at 3:48 PM, Frederick Cheung <frederick.cheung at gmail.com> wrote:
>>
>>>
>>>
>>> On 9 Jan 2013, at 16:38, Jonathan del Strother <maillist at steelskies.com>
>>> wrote:
>>> > and if this is news to you, you probably ought to subscribe to the
>>> > rubyonrails-security group so you get emailed instantly whenever they
>>> > announce anything like this.
>>> >
>>> > I'm not sure if it's intentional, but it seems like their security
>>> > issues are always announced late evening in UK time. I always seem to
>>> > be staying up late fixing stuff as a result...
>>>
>>> Aaron Patterson does a lot of those and he's on PST, and Michael
>>> Koziarski is in New Zealand, so it's probably more about fitting in with
>>> their day.
>>>
>>> Fred
>>> > _______________________________________________
>>> > Chat mailing list
>>> > Chat at lists.lrug.org
>>> > http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>>
>>
>>
>>
>> --
>> Michael
>>
>>
>>
>>  www.brightbits.co.uk
>>
>> Company number: 08133555
>> Registered in England
>> Registered office: 22 Finwell Road, Rainham, Kent, ME8 7PY
>>
>