
Test ID: 1.3.6.1.4.1.25623.1.0.902558
Category: Denial of Service
Title: Ruby Random Number Generation Local Denial Of Service Vulnerability
Summary: Ruby is prone to a local denial of service vulnerability.
Description:
Summary:
Ruby is prone to a local denial of service vulnerability.

Vulnerability Insight:
The flaw exists because Ruby does not reset the random seed upon forking,
which makes it easier for context-dependent attackers to predict the values
of random numbers by leveraging knowledge of the number sequence obtained in
a different child process.

Vulnerability Impact:
Successful exploits may allow local attackers to cause denial-of-service
conditions.

Affected Software/OS:
Ruby versions prior to 1.8.7-p352.

Solution:
Upgrade to Ruby version 1.8.7-p352 or later.

CVSS Score:
5.0

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:N/A:N

Cross Reference: Common Vulnerability Exposure (CVE) ID: CVE-2011-2686
49015
http://www.securityfocus.com/bid/49015
FEDORA-2011-9359
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html
FEDORA-2011-9374
http://lists.fedoraproject.org/pipermail/package-announce/2011-July/063062.html
[oss-security] 20110711 CVE Request: ruby PRNG fixes
http://www.openwall.com/lists/oss-security/2011/07/11/1
[oss-security] 20110712 Re: CVE Request: ruby PRNG fixes
http://www.openwall.com/lists/oss-security/2011/07/12/14
[oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
http://www.openwall.com/lists/oss-security/2011/07/20/1
http://www.openwall.com/lists/oss-security/2011/07/20/16
http://redmine.ruby-lang.org/issues/show/4338
http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=31713
http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_352/ChangeLog
http://www.ruby-lang.org/en/news/2011/07/02/ruby-1-8-7-p352-released/
https://bugzilla.redhat.com/show_bug.cgi?id=722415
ruby-random-number-dos(69032)
https://exchange.xforce.ibmcloud.com/vulnerabilities/69032
Copyright: Copyright (C) 2011 Greenbone AG





© 1998-2025 E-Soft Inc. All rights reserved.