Ruby Random Number Generation Local Denial Of Service Vulnerability Network Vulnerability

Summary

This host is installed with Ruby and is prone to local denial of service vulnerability.

Impact

Successful exploits may allow local attackers to cause denial-of-service conditions. Impact Level: Application

Solution

Upgrade to Ruby version 1.8.7-p352 or later For updates refer to http://rubyforge.org/frs/?group_id=167

Insight

The flaw exists because ruby does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.

Affected

Ruby Versions prior to 1.8.7-p352

References

http://redmine.ruby-lang.org/issues/show/4338
http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
http://xforce.iss.net/xforce/xfdb/69032

Updated on 2015-03-25

Severity

Classification

CVE CVE-2011-2686

CVSS	Base Score: 5.0 AV:N/AC:L/Au:N/C:P/I:N/A:N

Related Vulnerabilities

Active Perl Denial of Service Vulnerability Feb 2014 (Windows)
Dell OpenManage Web Server <= 3.7.1
Connect back to SOCKS5 server
Adobe Reader 'AcroPDF.DLL' Denial of Service Vulnerability (Windows)
DB2 discovery service DOS

Take action and discover your vulnerabilities