ID CVE-2011-3009
Summary Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
References
Vulnerable Configurations
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p111
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p110
  • cpe:2.3:a:ruby-lang:ruby:1.8.6:p36
CVSS
Base: 5.0 (as of 08-08-2011 - 10:19)
Impact:
Exploitability:
CWE CWE-310
CAPEC
  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.
Access
Vector Complexity Authentication
NETWORK LOW NONE
Impact
Confidentiality Integrity Availability
PARTIAL NONE NONE
nessus via4
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2012-0070.NASL
    description Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815) It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) Red Hat would like to thank oCERT for reporting CVE-2011-4815. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4815. All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-12-20
    plugin id 57747
    published 2012-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57747
    title RHEL 4 / 5 : ruby (RHSA-2012:0070)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_RUBY-187P357-120126.NASL
    description This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog . The most important fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815) - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - Initialize store->ex_data.sk. - Several IPv6 related fixes. - Fixes for zlib. - Reinitialize PRNG when forking children. (CVE-2011-2686 / CVE-2011-3009) - Fixes to securerandom. (CVE-2011-2705) - Fix uri route_to - Fix race condition with variables and autoload.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 57840
    published 2012-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57840
    title SuSE 11.1 Security Update : ruby (SAT Patch Number 5716)
  • NASL family Red Hat Local Security Checks
    NASL id REDHAT-RHSA-2011-1581.NASL
    description Updated ruby packages that fix two security issues, various bugs, and add one enhancement are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes (as long as the parent process persisted). (CVE-2011-2705) This update also fixes the following bugs : * The ruby package has been upgraded to upstream point release 1.8.7-p352, which provides a number of bug fixes over the previous version. (BZ#706332) * The MD5 message-digest algorithm is not a FIPS-approved algorithm. Consequently, when a Ruby script attempted to calculate an MD5 checksum in FIPS mode, the interpreter terminated unexpectedly. This bug has been fixed and an exception is now raised in the described scenario. 
(BZ#717709) * Due to inappropriately handled line continuations in the mkconfig.rb source file, an attempt to build the ruby package resulted in unexpected termination. An upstream patch has been applied to address this issue and the ruby package can now be built properly. (BZ#730287) * When the 32-bit ruby-libs library was installed on a 64-bit machine, the mkmf library failed to load various modules necessary for building Ruby-related packages. This bug has been fixed and mkmf now works properly in the described scenario. (BZ#674787) * Previously, the load paths for scripts and binary modules were duplicated on the i386 architecture. Consequently, an ActiveSupport test failed. With this update, the load paths are no longer stored in duplicates on the i386 architecture. (BZ#722887) This update also adds the following enhancement : * With this update, SystemTap probes have been added to the ruby package. (BZ#673162) All users of ruby are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen 2019-02-21
    modified 2018-11-26
    plugin id 57017
    published 2011-12-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57017
    title RHEL 6 : ruby (RHSA-2011:1581)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_4_RUBY-120117.NASL
    description This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here : http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog The particularly noteworthy fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks (CVE-2011-4815). For this OpenSSL::Random.seed at the SecureRandom.random_bytes is used if available. - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - initialize store->ex_data.sk. - some IPv6 related fixes - zlib fixes - reinitialize PRNG when forking children (CVE-2011-2686/CVE-2011-3009) - securerandom fixes (CVE-2011-2705) - uri route_to fixes - fix race condition with variables and autoload
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 76015
    published 2014-06-13
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=76015
    title openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)
  • NASL family SuSE Local Security Checks
    NASL id SUSE_11_RUBY-187P357-120127.NASL
    description This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog . The most important fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815) - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - Initialize store->ex_data.sk. - Several IPv6 related fixes. - Fixes for zlib. - Reinitialize PRNG when forking children. (CVE-2011-2686 / CVE-2011-3009) - Fixes to securerandom. (CVE-2011-2705) - Fix uri route_to - Fix race condition with variables and autoload.
    last seen 2019-02-21
    modified 2013-10-25
    plugin id 57841
    published 2012-02-06
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57841
    title SuSE 11.1 Security Update : ruby (SAT Patch Number 5716)
  • NASL family Oracle Linux Local Security Checks
    NASL id ORACLELINUX_ELSA-2012-0070.NASL
    description From Red Hat Security Advisory 2012:0070 : Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815) It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) Red Hat would like to thank oCERT for reporting CVE-2011-4815. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4815. All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-07-18
    plugin id 68441
    published 2013-07-12
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=68441
    title Oracle Linux 4 / 5 : ruby (ELSA-2012-0070)
  • NASL family CentOS Local Security Checks
    NASL id CENTOS_RHSA-2012-0070.NASL
    description Updated ruby packages that fix two security issues are now available for Red Hat Enterprise Linux 4 and 5. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give detailed severity ratings, are available for each vulnerability from the CVE links in the References section. Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815) It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) Red Hat would like to thank oCERT for reporting CVE-2011-4815. oCERT acknowledges Julian Walde and Alexander Klink as the original reporters of CVE-2011-4815. All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen 2019-02-21
    modified 2018-11-10
    plugin id 57734
    published 2012-01-31
    reporter Tenable
    source https://www.tenable.com/plugins/index.php?view=single&id=57734
    title CentOS 4 / 5 : ruby (CESA-2012:0070)
redhat via4
advisories
  • bugzilla
    id 730287
    title It's not possible to build ruby package
    oval
    AND
    • OR
      • comment Red Hat Enterprise Linux 6 Client is installed
        oval oval:com.redhat.rhsa:tst:20100842001
      • comment Red Hat Enterprise Linux 6 Server is installed
        oval oval:com.redhat.rhsa:tst:20100842002
      • comment Red Hat Enterprise Linux 6 Workstation is installed
        oval oval:com.redhat.rhsa:tst:20100842003
      • comment Red Hat Enterprise Linux 6 ComputeNode is installed
        oval oval:com.redhat.rhsa:tst:20100842004
    • OR
      • AND
        • comment ruby is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581005
        • comment ruby is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910006
      • AND
        • comment ruby-devel is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581017
        • comment ruby-devel is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910016
      • AND
        • comment ruby-docs is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581019
        • comment ruby-docs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910012
      • AND
        • comment ruby-irb is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581009
        • comment ruby-irb is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910018
      • AND
        • comment ruby-libs is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581007
        • comment ruby-libs is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910020
      • AND
        • comment ruby-rdoc is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581021
        • comment ruby-rdoc is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910022
      • AND
        • comment ruby-ri is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581013
        • comment ruby-ri is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910014
      • AND
        • comment ruby-static is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581015
        • comment ruby-static is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910010
      • AND
        • comment ruby-tcltk is earlier than 0:1.8.7.352-3.el6
          oval oval:com.redhat.rhsa:tst:20111581011
        • comment ruby-tcltk is signed with Red Hat redhatrelease2 key
          oval oval:com.redhat.rhsa:tst:20110910008
    rhsa
    id RHSA-2011:1581
    released 2011-12-06
    severity Low
    title RHSA-2011:1581: ruby security, bug fix, and enhancement update (Low)
  • rhsa
    id RHSA-2012:0070
rpms
  • ruby-0:1.8.7.352-3.el6
  • ruby-devel-0:1.8.7.352-3.el6
  • ruby-docs-0:1.8.7.352-3.el6
  • ruby-irb-0:1.8.7.352-3.el6
  • ruby-libs-0:1.8.7.352-3.el6
  • ruby-rdoc-0:1.8.7.352-3.el6
  • ruby-ri-0:1.8.7.352-3.el6
  • ruby-static-0:1.8.7.352-3.el6
  • ruby-tcltk-0:1.8.7.352-3.el6
  • irb-0:1.8.1-18.el4
  • ruby-0:1.8.1-18.el4
  • ruby-devel-0:1.8.1-18.el4
  • ruby-docs-0:1.8.1-18.el4
  • ruby-libs-0:1.8.1-18.el4
  • ruby-mode-0:1.8.1-18.el4
  • ruby-tcltk-0:1.8.1-18.el4
  • ruby-0:1.8.5-22.el5_7.1
  • ruby-devel-0:1.8.5-22.el5_7.1
  • ruby-docs-0:1.8.5-22.el5_7.1
  • ruby-irb-0:1.8.5-22.el5_7.1
  • ruby-libs-0:1.8.5-22.el5_7.1
  • ruby-mode-0:1.8.5-22.el5_7.1
  • ruby-rdoc-0:1.8.5-22.el5_7.1
  • ruby-ri-0:1.8.5-22.el5_7.1
  • ruby-tcltk-0:1.8.5-22.el5_7.1
refmap via4
bid 49126
misc http://redmine.ruby-lang.org/issues/show/4338
mlist [oss-security] 20110720 Re: CVE Request: ruby PRNG fixes
xf ruby-random-number-weak-security(69157)
Last major update 06-11-2012 - 00:00
Published 05-08-2011 - 18:55
Last modified 28-08-2017 - 21:29