Public Date:
722415: CVE-2011-2686 CVE-2011-2705 CVE-2011-3009 ruby: Properly initialize the random number generator when forking new process

The MITRE CVE dictionary describes this issue as:

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

Find out more about CVE-2011-2705 from the MITRE CVE dictionary dictionary and NIST NVD.

CVSS v2 metrics

Base Score 2.1
Base Metrics AV:L/AC:L/Au:N/C:P/I:N/A:N
Access Vector Local
Access Complexity Low
Authentication None
Confidentiality Impact Partial
Integrity Impact None
Availability Impact None

Find out more about Red Hat support for the Common Vulnerability Scoring System (CVSS).

Red Hat Security Errata

Platform Errata Release Date
Red Hat Enterprise Linux 6 (ruby) RHSA-2011:1581 2011-12-05

Affected Packages State

Platform Package State
Red Hat Enterprise Linux 5 ruby Will not fix
Red Hat Enterprise Linux 4 ruby Will not fix
Unless explicitly stated as not affected, all previous versions of packages in any minor update stream of a product listed here should be assumed vulnerable, although may not have been subject to full analysis.
Last Modified

CVE description copyright © 2017, The MITRE Corporation