
Hackers Still Exploit the Vulnerability of Ruby on Rails

QArea Expert
QArea Expert Marketing Manager
May 31, 2013

Ruby on Rails is a widely used framework for developing web apps in the Ruby language. Hackers are actively exploiting a vulnerability in Ruby on Rails apps to compromise web servers and build a botnet.

The developers of Ruby on Rails released a security patch for the vulnerability back in January. The problem is that some Rails installations have still not been updated by server admins.

Security consultants are surprised that the vulnerability is still being exploited so long after the patch, but what is more surprising is that users still run vulnerable installations of Ruby on Rails.

The vulnerability is exploited for remote code execution on Linux machines. The injected code downloads malicious C source code from a remote server, then compiles it locally and executes it.

If compilation fails on the compromised system, a precompiled version of the malware is downloaded instead. The bot connects to an IRC (Internet Relay Chat) server and joins a specific channel through which it receives commands from the attackers.

Security experts report that, limited as it is, the attack is dangerous: it lets attackers turn Linux machines into bots. There is already evidence that the systems of some web hosting providers are affected.

Hackers increasingly compromise web servers to make them part of botnets. For instance, not long ago Apache servers were infected with the Linux/Cdorked malware.

The only way for users to avoid the risk of being hacked is to install at least version 2.3.15, 3.0.19, 3.1.10 or 3.2.11, which contain the CVE-2013-0156 patch. However, the safest option is to update to the latest Rails version available.
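As an added example (not from the original post or the Rails project), the Ruby script below checks the `rails` version pinned in a `Gemfile.lock` against the patched releases listed above. The helper names and the sample lockfile are constructed for illustration; treating branches older than 2.3 as unpatched and branches newer than 3.2 as patched is an assumption.

```ruby
require "rubygems" # Gem::Version does the version comparison

# First patched release on each branch, as listed in the article.
PATCHED = %w[2.3.15 3.0.19 3.1.10 3.2.11].map { |v| Gem::Version.new(v) }

# True when the given Rails version includes the CVE-2013-0156 fix.
def patched_for_cve_2013_0156?(version_string)
  version = Gem::Version.new(version_string)
  branch = version.segments.first(2)
  floor = PATCHED.find { |p| p.segments.first(2) == branch }
  return version >= floor if floor

  # Assumption: a branch with no listed fix is patched only if it is
  # newer than the newest listed release (e.g. 4.x), never if older.
  version > PATCHED.max
end

# Finds the resolved rails gem in Gemfile.lock text. Resolved specs are
# indented four spaces; dependency constraints ("= 3.2.8") are skipped.
def audit_lockfile(lock_text)
  version = lock_text[/^ {4}rails \((\d[^)]*)\)\s*$/, 1]
  return nil unless version

  { version: version, patched: patched_for_cve_2013_0156?(version) }
end

# Constructed sample lockfile (not taken from a real project).
SAMPLE_LOCK = <<~LOCK
  GEM
    remote: https://rubygems.org/
    specs:
      actionpack (3.2.8)
      rails (3.2.8)
        actionpack (= 3.2.8)

  DEPENDENCIES
    rails (= 3.2.8)
LOCK

if __FILE__ == $PROGRAM_NAME
  text = ARGV[0] ? File.read(ARGV[0]) : SAMPLE_LOCK
  result = audit_lockfile(text)
  if result.nil?
    puts "rails not found in lockfile"
  else
    status = result[:patched] ? "patched" : "VULNERABLE to CVE-2013-0156"
    puts "rails #{result[:version]}: #{status}"
  end
end
```

Run it with the path to a project's `Gemfile.lock` as the first argument; with no argument it checks the constructed sample.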
