Back to search
CVE-2011-3009
Published: Aug 5, 2011
Modified: Aug 6, 2024
PUBLISHED
Description
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
| Vendor | Product | Versions |
|---|---|---|
n/a | n/a | affected n/a |
References
49126
vdb-entry
x_refsource_BID
RHSA-2011:1581
vendor-advisory
x_refsource_REDHAT
ruby-random-number-weak-security(69157)
vdb-entry
x_refsource_XF
RHSA-2012:0070
vendor-advisory
x_refsource_REDHAT
http://redmine.ruby-lang.org/issues/show/4338
x_refsource_MISC
[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
mailing-list
x_refsource_MLIST
Security Training
Train your team to recognize and prevent security threats with our comprehensive security awareness program.
Start TrainingVulnerability Scanning
Discover vulnerabilities in your applications and infrastructure before attackers do.
Scan Now