[LRUG] Serious Vulnerability in all versions of Rails. Upgrade now.

Najaf Ali ali at happybearsoftware.com
Fri Jan 11 08:02:50 PST 2013


As I've been telling all past clients/projects, if you don't upgrade your
web-facing boxes right now, the vulnerability is such that I can go ahead
and do it for you :P

-Ali


On Fri, Jan 11, 2013 at 2:16 PM, Michael Baldry <michael at brightbits.co.uk> wrote:

> This vulnerability is now in Metasploit. This basically means any 13-year-old
> with a computer can type a command that will drop them to a console on
> YOUR server.
>
> https://github.com/rapid7/metasploit-framework/pull/1281
>
> Patch now.
>
>
> On Wed, Jan 9, 2013 at 3:48 PM, Frederick Cheung <
> frederick.cheung at gmail.com> wrote:
>
>>
>>
>> On 9 Jan 2013, at 16:38, Jonathan del Strother <maillist at steelskies.com>
>> wrote:
>> > and if this is news to you, you probably ought to subscribe to the
>> > rubyonrails-security group so you get emailed instantly whenever they
>> > announce anything like this.
>> >
>> > I'm not sure if it's intentional, but it seems like their security
>> > issues are always announced late evening in UK time. I always seem to
>> > be staying up late fixing stuff as a result...
>>
>> Aaron Patterson does a lot of those and he's on PST, and Michael
>> Koziarski is in New Zealand, so it's probably more about fitting in with
>> their day.
>>
>> Fred
>> > _______________________________________________
>> > Chat mailing list
>> > Chat at lists.lrug.org
>> > http://lists.lrug.org/listinfo.cgi/chat-lrug.org
>>
>
>
>
> --
> Michael
>
>
>
>  www.brightbits.co.uk
>
> Company number: 08133555
> Registered in England
> Registered office: 22 Finwell Road, Rainham, Kent, ME8 7PY
>