Lucene search

K

PRIOn knowledge basePRION:CVE-2011-2705

HistoryAug 05, 2011 - 9:55 p.m.

Design/Logic Flaw

2011-08-0521:55:00

PRIOn knowledge base

www.prio-n.com

5

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

CPENameOperatorVersion
rubyeq1.8.7-302
rubyeq1.8.7-249
rubyeq1.8.7-299
rubyeq<= 1.8.7-334
rubyeq1.8.7 p71
rubyeq1.8.7 p22
rubyeq1.8.7-330
rubyeq1.8.7-160
rubyeq1.8.7-173
rubyeq1.8.7-p21

Rows per page:

1-10 of 351

References

redmine.ruby-lang.org/issues/4579

svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050

svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog

svn.ruby-lang.org/repos/ruby/tags/v1_9_2_290/ChangeLog

www.openwall.com/lists/oss-security/2011/07/11/1

www.openwall.com/lists/oss-security/2011/07/12/14

www.openwall.com/lists/oss-security/2011/07/20/1

www.openwall.com/lists/oss-security/2011/07/20/16

www.redhat.com/support/errata/RHSA-2011-1581.html

www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/

www.ruby-lang.org/en/news/2011/07/15/ruby-1-9-2-p290-is-released/

www.securityfocus.com/bid/49015

bugzilla.redhat.com/show_bug.cgi?id=722415

lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html

lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html

6.7 Medium

AI Score

Confidence

Low

0.005 Low

EPSS

Percentile

76.9%

Related for PRION:CVE-2011-2705

openvas20 nvd1 cvelist1 veracode1 cve1 ubuntucve1 fedora2 nessus11 redhat1 oraclelinux1 osv2 debian2 ubuntu1