Summary
Ruby is installed on this host and is prone to an information disclosure vulnerability.
Impact
Successful exploits may allow attackers to predict random number values.
Impact Level: Application
Solution
Upgrade to Ruby version 1.8.6-p114 or later.
For updates, refer to http://rubyforge.org/frs/?group_id=167
Insight
The flaw exists because Ruby does not reset the random seed upon forking. Each child process inherits the parent's generator state, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process.
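The behaviour described above, as an added example that is not part of the original advisory or of Ruby's own code. It assumes a Unix-like host where `fork` is available and models the flaw with an explicit `Random` object, whose state is copied by `fork`, because current Ruby releases reseed the default generator in children; `child_sequences`, `demo` and the seed value are constructed for illustration.

```ruby
# Fork `count` children. Each child draws `draws` numbers from the generator
# object it inherited from the parent and reports them back over a pipe.
def child_sequences(prng, count: 2, draws: 5, reseed: false)
  count.times.map do
    reader, writer = IO.pipe
    pid = fork do
      reader.close
      # Mitigation: discard the inherited state and seed from fresh entropy.
      prng = Random.new(Random.new_seed) if reseed
      writer.puts(Array.new(draws) { prng.rand(1_000_000) }.join(","))
      writer.close
      exit!(0) # leave the child without running the parent's at_exit hooks
    end
    writer.close
    line = reader.read
    reader.close
    Process.wait(pid)
    line.strip.split(",").map(&:to_i)
  end
end

SEED = 12_345 # constructed sample seed, stands in for the parent's PRNG state

# Run the same two-child scenario without and with reseeding after fork.
def demo
  {
    inherited: child_sequences(Random.new(SEED)),
    reseeded:  child_sequences(Random.new(SEED), reseed: true)
  }
end

if __FILE__ == $PROGRAM_NAME
  result = demo
  puts "inherited state: children identical? #{result[:inherited].uniq.size == 1}"
  puts "reseeded in child: children identical? #{result[:reseeded].uniq.size == 1}"
end
```

Without the reseed, every child emits the same sequence, so values observed from one child reveal what its siblings will produce. Code that forks workers and holds its own generator object should reseed it in the child, or draw security-sensitive values from `SecureRandom`.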
Affected
Ruby versions prior to Ruby 1.8.6-p114
References
Severity
Classification
- CVE: CVE-2011-3009
- CVSS Base Score: 5.0
- CVSS Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N