Lumension® Endpoint Intelligence Center

Overview

Vulnerability Score 5.0
CVE Id CVE-2011-3009
Last Modified 06 Nov 2012 12:00:03
Published 05 Aug 2011 06:55:01
Confidentiality Impact PARTIAL
Integrity Impact NONE
Availability Impact NONE
Access Vector NETWORK
Access Complexity LOW
Authentication NONE

CVE-2011-3009

Summary

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.

Vulnerable Systems

Application

  • Ruby-lang Ruby 1.8.6


References

MLIST - [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes

XF - ruby-random-number-weak-security(69157)

BID - 49126

MISC - http://redmine.ruby-lang.org/issues/show/4338

REDHAT - RHSA-2011:1581

REDHAT - RHSA-2012:0070

Related Patches

Red Hat 2012:0070-01 RHSA Moderate: ruby security update for RHEL 5 x86

Red Hat 2012:0070-01 RHSA Moderate: ruby security update for RHEL 4 x86

Red Hat 2012:0070-01 RHSA Moderate: ruby security update for RHEL 4 x86_64

Red Hat 2012:0070-01 RHSA Moderate: ruby security update for RHEL 5 x86_64

Novell SUSE 2012:5716 ruby-187p357 security update for SLE 11 SP1 i586

Novell SUSE 2012:5716 ruby-187p357 security update for SLE 11 SP1 x86_64


Last Updated: 27 May 2016 10:56:27