Back to search
CVE-2011-2686
Published: Aug 5, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=722415
x_refsource_CONFIRM
[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
http://redmine.ruby-lang.org/issues/show/4338
x_refsource_CONFIRM
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog
x_refsource_CONFIRM
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713
x_refsource_CONFIRM
FEDORA-2011-9374
vendor-advisory
x_refsource_FEDORA
ruby-random-number-dos(69032)
vdb-entry
x_refsource_XF
[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
[oss-security] 20110711 CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
49015
vdb-entry
x_refsource_BID
FEDORA-2011-9359
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now