Description

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

Remediation

References

CVE-2011-2705

Related Vulnerabilities

WordPress Plugin NextGEN Gallery-WordPress Gallery Directory Traversal (2.1.9)

MySQL Insufficiently Protected Credentials Vulnerability (CVE-2012-5627)

e107 Cross-Site Request Forgery (CSRF) Vulnerability (CVE-2017-8098)

WordPress Plugin WP SEO TDK Security Bypass (2.0.2)

WordPress Plugin WP Smart Import: Import any XML File to WordPress Server-Side Request Forgery (1.0.0)

Severity

Medium

Classification

CVE-2011-2705 CWE-20

Tags

Missing Update Known Vulnerabilities