rbot '!react' Command Unauthorized Access Vulnerability

Bugtraq ID:	39915
Class:	Design Error
CVE:
Remote:	Yes
Local:	No
Published:	Feb 24 2010 12:00AM
Updated:	Feb 24 2010 12:00AM
Credit:	nks
Vulnerable:	Tom Gilbert rbot 0.9.14
Not Vulnerable:

rbot '!react' Command Unauthorized Access Vulnerability

Rbot is prone to an unauthorized-access vulnerability because it fails to adequately sanitize user supplied data.

An attacker can exploit this vulnerability to gain administrative rights to the rbot application. This will allow a remote attacker to execute Ruby code within the context of the affected application; other attacks may be possible.

rbot 0.9.14 is vulnerable; other versions may also be affected.

rbot '!react' Command Unauthorized Access Vulnerability

Attackers may launch attacks through a browser.

The following example is available:

<attacker> !react to /attacker:.*/ with cmd:whoami

rbot '!react' Command Unauthorized Access Vulnerability

Solution:
Reports indicate vendor updates are available; this has not been confirmed. Contact the vendor for more information.

rbot '!react' Command Unauthorized Access Vulnerability

References:

• rbot - Homepage (Tom Gilbert)
  
• Rbot Owner Reaction Command Execution (Matthias -apoc- Hecker )