Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-2705
Last Modified 18 Jan 2012 10:58:35
Published 05 Aug 2011 05:55:04
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-2705

Summary

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.7
  • Ruby-lang Ruby 1.8.7-160
  • Ruby-lang Ruby 1.8.7-173
  • Ruby-lang Ruby 1.8.7-248
  • Ruby-lang Ruby 1.8.7-249
  • Ruby-lang Ruby 1.8.7-299
  • Ruby-lang Ruby 1.8.7-302
  • Ruby-lang Ruby 1.8.7-330
  • Ruby-lang Ruby 1.8.7-334
  • Ruby-lang Ruby 1.8.7-p21
  • Ruby-lang Ruby 1.9
  • Ruby-lang Ruby 1.9.0
  • Ruby-lang Ruby 1.9.0-0
  • Ruby-lang Ruby 1.9.0-1
  • Ruby-lang Ruby 1.9.0-2
  • Ruby-lang Ruby 1.9.0-20060415
  • Ruby-lang Ruby 1.9.0-20070709
  • Ruby-lang Ruby 1.9.1
  • Ruby-lang Ruby 1.9.2
  • Ruby-lang Ruby 1.9.2-p136
  • Ruby-lang Ruby 1.9.2-p180

References

CONFIRM - https://bugzilla.redhat.com/show_bug.cgi?id=722415

CONFIRM - http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/

CONFIRM - http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/

MLIST - [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes

MLIST - [oss-security] 20110712 Re: CVE Request: ruby PRNG fixes

MLIST - [oss-security] 20110711 CVE Request: ruby PRNG fixes

CONFIRM - http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050

FEDORA - FEDORA-2011-9374

BID - 49015

CONFIRM - http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog

CONFIRM - http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog

CONFIRM - http://redmine.ruby-lang.org/issues/4579

FEDORA - FEDORA-2011-9359

REDHAT - RHSA-2011:1581

Related Patches

Novell SUSE 2012:5716 ruby-187p357 security update for SLE 11 SP1 i586
Novell SUSE 2012:5716 ruby-187p357 security update for SLE 11 SP1 x86_64

Last Updated: 27 May 2016 10:57:21