Summary
Ruby is installed on this host and is prone to an information disclosure vulnerability.
Impact
Successful exploits may allow attackers to predict random number values.
Impact Level: Application
Solution
Upgrade to Ruby version 1.8.6-p114 or later.
For updates, refer to http://rubyforge.org/frs/?group_id=167
Insight
The flaw exists because Ruby does not reset the random seed upon forking. A context-dependent attacker who learns the number sequence produced in one child process can use it to predict the random numbers generated in a different child process.
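The following added example (not part of the original advisory) shows the failure mode and a mitigation. Interpreters that carry the fix reseed the default generator in each child, so the inherited state is modelled here with an explicitly created `Random` object. All helper names and the seed value are hypothetical.

```ruby
# Added example; helper names are hypothetical. Requires a platform with fork().

# Fork `children` processes; each runs the block and sends its draws back over a pipe.
def sequences_from_children(children: 3, &draw)
  children.times.map do
    reader, writer = IO.pipe
    pid = fork do
      reader.close
      writer.write(Marshal.dump(draw.call))
      writer.close
      exit!(0) # skip at_exit handlers inherited from the parent
    end
    writer.close
    data = reader.read
    reader.close
    Process.wait(pid)
    Marshal.load(data)
  end
end

# Generator seeded once in the parent (constructed seed), as a pre-fork server would do.
PARENT_PRNG = Random.new(20_110_809)

# Flawed pattern: every child continues from the state copied at fork time.
def inherited_state_sequences
  sequences_from_children { Array.new(4) { PARENT_PRNG.rand(1_000_000) } }
end

# Mitigation: each child builds its generator from a fresh seed after the fork.
def reseeded_sequences
  sequences_from_children do
    prng = Random.new(Random.new_seed)
    Array.new(4) { prng.rand(1_000_000) }
  end
end

# Check for the running interpreter: do children share Kernel#rand output?
def default_rand_shared_across_fork?
  rand # make sure the default generator is seeded before forking
  sequences_from_children { Array.new(4) { rand(1_000_000) } }.uniq.size < 3
end

if __FILE__ == $PROGRAM_NAME
  puts "inherited: #{inherited_state_sequences.inspect}"
  puts "reseeded:  #{reseeded_sequences.inspect}"
  puts "default rand shared across fork: #{default_rand_shared_across_fork?}"
end
```

Identical rows in the `inherited` output mean that observing one child's values reveals the others'. Values that must be unpredictable should come from `SecureRandom` rather than `rand`.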
Affected
Ruby versions prior to Ruby 1.8.6-p114
References
Severity
Classification
CVE: CVE-2011-3009
CVSS Base Score: 5.0
AV:N/AC:L/Au:N/C:P/I:N/A:N