REDHAT-BUG-722415
First published: Fri Jul 15 2011(Updated: )
It was found that Ruby did not properly reinitialize the random number generator, when forking new Ruby process. A local attacker could use this flaw to easier predict random numbers. References: [1] <a href="https://bugzilla.novell.com/show_bug.cgi?id=704409">https://bugzilla.novell.com/show_bug.cgi?id=704409</a> [2] <a href="http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/">http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/</a> [3] <a href="http://redmine.ruby-lang.org/issues/4579">http://redmine.ruby-lang.org/issues/4579</a> [4] <a href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713</a> [5] <a href="http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050">http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050</a> [6] <a href="http://www.openwall.com/lists/oss-security/2011/07/11/1">http://www.openwall.com/lists/oss-security/2011/07/11/1</a> [7] <a href="http://www.openwall.com/lists/oss-security/2011/07/12/14">http://www.openwall.com/lists/oss-security/2011/07/12/14</a>
| Affected Software | Affected Version | How to fix |
|---|---|---|
| Ruby |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- https://bugzilla.novell.com/show_bug.cgi?id=704409
- http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
- http://redmine.ruby-lang.org/issues/4579
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713
- http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=32050
- http://www.openwall.com/lists/oss-security/2011/07/11/1
- http://www.openwall.com/lists/oss-security/2011/07/12/14
- https://bugzilla.redhat.com/show_bug.cgi/show_bug.cgi?id=722419
- http://thread.gmane.org/gmane.comp.security.oss.general/5446/focus=5524
- https://access.redhat.com/security/cve/CVE-2011-2705
- https://access.redhat.com/security/cve/CVE-2011-3009
- http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-3009
- http://www.openwall.com/lists/oss-security/2011/07/20/1
- http://redmine.ruby-lang.org/issues/show/4338
- https://access.redhat.com/security/cve/CVE-2003-0900
- https://access.redhat.com/security/cve/CVE-2011-2686
- https://rhn.redhat.com/errata/RHSA-2011-1581.html
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=555084&action=diff
- https://bugzilla.redhat.com/show_bug.cgi/attachment.cgi?id=555084&action=edit
- https://rhn.redhat.com/errata/RHSA-2012-0070.html
- https://bugzilla.redhat.com/show_bug.cgi?id=722415
Frequently Asked Questions
What is the severity of REDHAT-BUG-722415?
The severity of REDHAT-BUG-722415 is categorized as a medium vulnerability due to potential predictability of random numbers.
How do I fix REDHAT-BUG-722415?
To fix REDHAT-BUG-722415, ensure that you update Ruby to the latest version that addresses the random number generator reinitialization issue.
What versions of Ruby are affected by REDHAT-BUG-722415?
REDHAT-BUG-722415 affects multiple versions of Ruby prior to the implementation of the fix.
What type of attack does REDHAT-BUG-722415 enable?
REDHAT-BUG-722415 enables local attackers to potentially predict random numbers, which could lead to various security risks.
Is REDHAT-BUG-722415 related to process forking in Ruby?
Yes, REDHAT-BUG-722415 is specifically related to how Ruby handles random number generation when forking new processes.
- agent/type
- agent/first-publish-date
- agent/last-modified-date
- collector/redhat-bugzilla
- source/Red Hat
- alias/CVE-2011-2686
- agent/references
- agent/severity
- agent/description
- agent/event
- agent/trending
- agent/source
- agent/softwarecombine
- agent/tags
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- vendor/ruby
- canonical/ruby