Summary
Ruby is installed on this host and is prone to a local denial-of-service vulnerability.
Impact
Successful exploits may allow local attackers to cause denial-of-service conditions.
Impact Level: Application
Solution
Upgrade to Ruby version 1.8.7-p352 or later.
For updates, refer to http://rubyforge.org/frs/?group_id=167
Insight
The flaw exists because Ruby does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.
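The inherited-state behaviour described above can be reproduced with an explicit Random object, whose state is copied unchanged into every forked child, alongside the reseed-after-fork mitigation. This is an added example, not code from the advisory or from Ruby; SEED is a constructed value and child_draws is a hypothetical helper. It requires a platform that supports fork.

```ruby
# Added illustration: generator state inherited across fork, and the fix.
SEED = 0x5eed # constructed sample seed

# Fork `children` processes that each draw `count` numbers from a generator
# created in the parent before the fork. With reseed: true, each child first
# replaces the inherited generator with a freshly seeded one (the mitigation).
def child_draws(children:, count:, reseed:)
  rng = Random.new(SEED)   # state is set up once, in the parent
  rng.rand(1_000_000)      # the parent has already consumed one value
  procs = Array.new(children) do
    reader, writer = IO.pipe
    pid = fork do
      reader.close
      rng = Random.new(Random.new_seed) if reseed
      writer.puts(Array.new(count) { rng.rand(1_000_000) }.join(","))
      writer.close
      exit!(0)             # do not run at_exit handlers copied from the parent
    end
    writer.close
    [pid, reader]
  end
  # Collect each child's sequence over its pipe, then reap the child.
  procs.map do |pid, reader|
    line = reader.read.strip
    reader.close
    Process.wait(pid)
    line.split(",").map(&:to_i)
  end
end

if __FILE__ == $PROGRAM_NAME
  shared = child_draws(children: 3, count: 4, reseed: false)
  fresh  = child_draws(children: 3, count: 4, reseed: true)
  puts "inherited state, distinct sequences: #{shared.uniq.size}"
  puts "reseeded state,  distinct sequences: #{fresh.uniq.size}"
end
```

Without the reseed, every child emits the same sequence, so output observed from one child discloses what the others will produce; reseeding in the child removes that correlation.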
Affected
Ruby Versions prior to 1.8.7-p352
References
Severity
Classification
CVE: CVE-2011-2686
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N