Ruby Random Number Generation Local Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Ruby and is prone to local denial of service vulnerability.

Impact

Successful exploits may allow local attackers to cause denial-of-service conditions. Impact Level: Application

Solution

Upgrade to Ruby version 1.8.7-p352 or later For updates refer to http://rubyforge.org/frs/?group_id=167

Insight

The flaw exists because ruby does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.

Affected

Ruby Versions prior to 1.8.7-p352

References

http://redmine.ruby-lang.org/issues/show/4338
http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
http://xforce.iss.net/xforce/xfdb/69032

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2686
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Django Forms Library Algorithmic Complexity Vulnerability
ArGoSoft FTP Server XCWD Overflow
chm2pdf Insecure Temporary File Creation or DoS Vulnerability
CUPS Empty UDP Datagram DoS Vulnerability
freeFTPD PORT Command Denial of Service Vulnerability

Take action and discover your vulnerabilities