Lumension® Endpoint Intelligence Center


Overview

Vulnerability Score: 5.0
CVE Id: CVE-2011-2686
Last Modified: 11 Aug 2011 10:45:18
Published: 05 Aug 2011 05:55:04
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE

CVE-2011-2686

Summary

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
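The regression described in the summary can be checked directly on an interpreter: fork two children from one process and compare the sequences each draws. The check below is an added example, not part of the Lumension record or of Ruby's own code; it assumes MRI Ruby on a platform where fork is available. A fixed interpreter reseeds in every child, so sibling sequences differ; a vulnerable one reproduces the parent's state in both.

```ruby
# Added check (not from the Lumension record): does this Ruby reseed
# Kernel#rand after fork? Before 1.8.7-p352 every child inherited the
# parent's PRNG state, so sibling children produced identical sequences.
# Each child draws `count` numbers and reports them over a pipe.
def child_random_sequence(count)
  reader, writer = IO.pipe
  pid = fork do
    reader.close
    writer.puts Array.new(count) { rand(2**32) }.join(",")
    writer.close
    exit!(0)            # skip at_exit handlers inherited from the parent
  end
  writer.close
  line = reader.read     # blocks until the child closes its end
  reader.close
  Process.wait(pid)
  line.chomp.split(",").map(&:to_i)
end

# Returns true when two sibling children draw different sequences,
# i.e. the interpreter reseeds on fork (the behaviour restored by the fix).
# With 32-bit draws, identical sequences by chance are negligible.
def reseeds_on_fork?(count = 4)
  srand              # initialise the parent PRNG before forking
  rand               # advance it so the inherited state is non-trivial
  a = child_random_sequence(count)
  b = child_random_sequence(count)
  a != b
end

if __FILE__ == $0
  if reseeds_on_fork?
    puts "PRNG reseeded after fork: not affected"
  else
    puts "children share the parent's PRNG state: affected by CVE-2011-2686"
  end
end
```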

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.7
  • Ruby-lang Ruby 1.8.7-160
  • Ruby-lang Ruby 1.8.7-173
  • Ruby-lang Ruby 1.8.7-248
  • Ruby-lang Ruby 1.8.7-249
  • Ruby-lang Ruby 1.8.7-299
  • Ruby-lang Ruby 1.8.7-302
  • Ruby-lang Ruby 1.8.7-330
  • Ruby-lang Ruby 1.8.7-334
  • Ruby-lang Ruby 1.8.7-p21


References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=722415
CONFIRM - http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
MLIST - [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
MLIST - [oss-security] 20110712 Re: CVE Request: ruby PRNG fixes
MLIST - [oss-security] 20110711 CVE Request: ruby PRNG fixes
CONFIRM - http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713
FEDORA - FEDORA-2011-9359
FEDORA - FEDORA-2011-9374
XF - ruby-random-number-dos(69032)
BID - 49015
CONFIRM - http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog
CONFIRM - http://redmine.ruby-lang.org/issues/show/4338

Related Patches

Novell SUSE 2012:5716 ruby-187p357 security update for SLE 11 SP1 i586
Novell SUSE 2012:5716 ruby-187p357 security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:57:04