Ruby Random Number Values Information Disclosure Vulnerability Network Vulnerability

Summary

This host is installed with Ruby and is prone to information disclosure vulnerability.

Impact

Successful exploits may allow attackers to predict random number values. Impact Level: Application

Solution

Upgrade to Ruby version 1.8.6-p114 or later For updates refer to http://rubyforge.org/frs/?group_id=167

Insight

The flaw exists because ruby does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.

Affected

Ruby Versions prior to Ruby 1.8.6-p114

References

http://redmine.ruby-lang.org/issues/show/4338
http://www.openwall.com/lists/oss-security/2011/07/20/1

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-3009
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Brother HL-5370DW Printer 'post/panel.html' Security Bypass Vulnerability
Apple Safari Multiple Vulnerabilities Dec13 (Mac OS X)
Apple Safari Webkit Multiple Vulnerabilities - June13 (Mac OS X)
Apache Tomcat Multiple Vulnerabilities - 03 Mar14
Adobe Flash Media Server Video Stream Capture Security Issue

Take action and discover your vulnerabilities