<div dir="ltr">This vulnerability is now in metasploit. this basically means any 13 year old with a computer can type a command that will drop them to a console on YOUR server.<div><br></div><div><a href="https://github.com/rapid7/metasploit-framework/pull/1281">https://github.com/rapid7/metasploit-framework/pull/1281</a> </div>
<div><br></div><div style>patch now.</div></div><div class="gmail_extra"><br><br><div class="gmail_quote">On Wed, Jan 9, 2013 at 3:48 PM, Frederick Cheung <span dir="ltr"><<a href="mailto:frederick.cheung@gmail.com" target="_blank">frederick.cheung@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div class="im"><br>
<br>
On 9 Jan 2013, at 16:38, Jonathan del Strother <<a href="mailto:maillist@steelskies.com">maillist@steelskies.com</a>> wrote:<br>
> and if this is news to you, you probably ought to subscribe to the<br>
> rubyonrails-security group so you get emailed instantly whenever they<br>
> announce anything like this.<br>
><br>
> I'm not sure if it's intentional, but it seems like their security<br>
> issues are alway announced late evening in UK time. I always seem to<br>
> be staying up late fixing stuff as a result...<br>
<br>
</div>Aaron Patterson does a lot of those and he's on PST, and Michael Koziarski is in New Zealand, so it's probably more about fitting in with their day.<br>
<br>
Fred<br>
<div class="HOEnZb"><div class="h5">> _______________________________________________<br>
> Chat mailing list<br>
> <a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
> <a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
_______________________________________________<br>
Chat mailing list<br>
<a href="mailto:Chat@lists.lrug.org">Chat@lists.lrug.org</a><br>
<a href="http://lists.lrug.org/listinfo.cgi/chat-lrug.org" target="_blank">http://lists.lrug.org/listinfo.cgi/chat-lrug.org</a><br>
</div></div></blockquote></div><br><br clear="all"><div><br></div>-- <br>Michael<div><br></div><div><img src="http://www.brightbits.co.uk/images/sig.jpg"><br></div><div><font size="1" color="#c0c0c0"><br></font></div><div>
<a href="http://www.brightbits.co.uk/" target="_blank">www.brightbits.co.uk</a></div><div><br></div><div><font size="1" color="#c0c0c0">Company number: <span style="background-color:rgb(255,255,255);font-family:arial,sans-serif">08133555 </span></font></div>
<div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif"><font size="1" color="#c0c0c0">Registered in England</font></span></div><div><span style="background-color:rgb(255,255,255);font-family:arial,sans-serif"><font size="1" color="#c0c0c0">Registered office: 22 Finwell Road, Rainham, Kent, ME8 7PY</font></span></div>

</div>