CVE-2011-2705

CVSS v2.0 5 (Medium)
EPSS 0.52 % (77th)
Affected Products 1
Advisories 5

The SecureRandom.random_bytes function in lib/securerandom.rb in Ruby before 1.8.7-p352 and 1.9.x before 1.9.2-p290 relies on PID values for initialization, which makes it easier for context-dependent attackers to predict the result string by leveraging knowledge of random strings obtained in an earlier process with the same PID.

Weaknesses
CWE-20
Improper Input Validation
CVE Status
PUBLISHED
CNA
Red Hat, Inc.
Published Date
2011-08-05 21:55:04
Updated Date
2012-01-19 03:58:35

Affected Products


Configuration #1

Product | CPE 2.3 | From | Up To
Ruby-lang Ruby 1.8.7-334 and prior versions | cpe:2.3:a:ruby-lang:ruby | | <= 1.8.7-334
Ruby-lang Ruby 1.8.7 P22 | cpe:2.3:a:ruby-lang:ruby:1.8.7:p22 | |
Ruby-lang Ruby 1.8.7 P71 | cpe:2.3:a:ruby-lang:ruby:1.8.7:p71 | |
Ruby-lang Ruby 1.8.7 P72 | cpe:2.3:a:ruby-lang:ruby:1.8.7:p72 | |
Ruby-lang Ruby 1.8.7-160 | cpe:2.3:a:ruby-lang:ruby:1.8.7-160 | |
Ruby-lang Ruby 1.8.7-173 | cpe:2.3:a:ruby-lang:ruby:1.8.7-173 | |
Ruby-lang Ruby 1.8.7-248 | cpe:2.3:a:ruby-lang:ruby:1.8.7-248 | |
Ruby-lang Ruby 1.8.7-249 | cpe:2.3:a:ruby-lang:ruby:1.8.7-249 | |
Ruby-lang Ruby 1.8.7-299 | cpe:2.3:a:ruby-lang:ruby:1.8.7-299 | |
Ruby-lang Ruby 1.8.7-302 | cpe:2.3:a:ruby-lang:ruby:1.8.7-302 | |
Ruby-lang Ruby 1.8.7-330 | cpe:2.3:a:ruby-lang:ruby:1.8.7-330 | |
Ruby-lang Ruby 1.8.7-p21 | cpe:2.3:a:ruby-lang:ruby:1.8.7-p21 | |

Configuration #2

Product | CPE 2.3 | From | Up To
Ruby-lang Ruby 1.9 | cpe:2.3:a:ruby-lang:ruby:1.9 | |
Ruby-lang Ruby 1.9 R18423 | cpe:2.3:a:ruby-lang:ruby:1.9:r18423 | |
Ruby-lang Ruby 1.9.0 | cpe:2.3:a:ruby-lang:ruby:1.9.0 | |
Ruby-lang Ruby 1.9.0 R18423 | cpe:2.3:a:ruby-lang:ruby:1.9.0:r18423 | |
Ruby-lang Ruby 1.9.0-0 | cpe:2.3:a:ruby-lang:ruby:1.9.0-0 | |
Ruby-lang Ruby 1.9.0-1 | cpe:2.3:a:ruby-lang:ruby:1.9.0-1 | |
Ruby-lang Ruby 1.9.0-2 | cpe:2.3:a:ruby-lang:ruby:1.9.0-2 | |
Ruby-lang Ruby 1.9.0-20060415 | cpe:2.3:a:ruby-lang:ruby:1.9.0-20060415 | |
Ruby-lang Ruby 1.9.0-20070709 | cpe:2.3:a:ruby-lang:ruby:1.9.0-20070709 | |
Ruby-lang Ruby 1.9.1 | cpe:2.3:a:ruby-lang:ruby:1.9.1 | |
Ruby-lang Ruby 1.9.1 -p0 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p0 | |
Ruby-lang Ruby 1.9.1 -p129 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p129 | |
Ruby-lang Ruby 1.9.1 -p243 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p243 | |
Ruby-lang Ruby 1.9.1 -p376 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p376 | |
Ruby-lang Ruby 1.9.1 -p429 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-p429 | |
Ruby-lang Ruby 1.9.1 -preview 1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_1 | |
Ruby-lang Ruby 1.9.1 -preview 2 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-preview_2 | |
Ruby-lang Ruby 1.9.1 -rc1 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc1 | |
Ruby-lang Ruby 1.9.1 -rc2 | cpe:2.3:a:ruby-lang:ruby:1.9.1:-rc2 | |
Ruby-lang Ruby 1.9.2 | cpe:2.3:a:ruby-lang:ruby:1.9.2 | |
Ruby-lang Ruby 1.9.2 Dev | cpe:2.3:a:ruby-lang:ruby:1.9.2:dev | |
Ruby-lang Ruby 1.9.2-p136 | cpe:2.3:a:ruby-lang:ruby:1.9.2-p136 | |
Ruby-lang Ruby 1.9.2-p180 | cpe:2.3:a:ruby-lang:ruby:1.9.2-p180 | |