CVE-2011-3009

Published: Aug 5, 2011Modified: Apr 29, 2026

5.0

Vector

AV:N/AC:L/Au:N/C:P/I:N/A:N

Exploitability: 10.0 / Impact: 2.9

Source: NVD

Description

Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.

Affected (3)

Products: Ruby Lang: Ruby

1 product

Configuration A

3 vulnerable

Vulnerable Software	Affected Versions
Ruby Lang Ruby	Up to 1.8.6
Ruby Lang Ruby	Version 1.8.6 p110
Ruby Lang Ruby	Version 1.8.6 p36

Related CWEs

References (12)

http://redmine.ruby-lang.org/issues/show/4338

Source: cve@mitre.org

http://rhn.redhat.com/errata/RHSA-2012-0070.html

Source: cve@mitre.org

http://www.openwall.com/lists/oss-security/2011/07/20/1

Source: cve@mitre.org

Patch

http://www.redhat.com/support/errata/RHSA-2011-1581.html

Source: cve@mitre.org

http://www.securityfocus.com/bid/49126

Source: cve@mitre.org

https://exchange.xforce.ibmcloud.com/vulnerabilities/69157

Source: cve@mitre.org

http://redmine.ruby-lang.org/issues/show/4338

Source: af854a3a-2127-422b-91ae-364da2661108

http://rhn.redhat.com/errata/RHSA-2012-0070.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.openwall.com/lists/oss-security/2011/07/20/1

Source: af854a3a-2127-422b-91ae-364da2661108

Patch

http://www.redhat.com/support/errata/RHSA-2011-1581.html

Source: af854a3a-2127-422b-91ae-364da2661108

http://www.securityfocus.com/bid/49126

Source: af854a3a-2127-422b-91ae-364da2661108

https://exchange.xforce.ibmcloud.com/vulnerabilities/69157

Source: af854a3a-2127-422b-91ae-364da2661108

Timeline

No history available yet.