Back to search
CVE-2011-2705
Published: Aug 5, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
x_refsource_CONFIRM
https://bugzilla.redhat.com/show_bug.cgi?id=722415
x_refsource_CONFIRM
[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
RHSA-2011:1581
vendor-advisory
x_refsource_REDHAT
http://www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/
x_refsource_CONFIRM
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050
x_refsource_CONFIRM
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog
x_refsource_CONFIRM
FEDORA-2011-9374
vendor-advisory
x_refsource_FEDORA
http://svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog
x_refsource_CONFIRM
[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
http://redmine.ruby-lang.org/issues/4579
x_refsource_CONFIRM
[oss-security] 20110711 CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
49015
vdb-entry
x_refsource_BID
FEDORA-2011-9359
vendor-advisory
x_refsource_FEDORA
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now