Vulnerabilities > CVE-2011-2686 - Cryptographic Issues vulnerability in Ruby-Lang Ruby

047910
CVSS 0.0 - NONE
Attack vector
UNKNOWN
Attack complexity
UNKNOWN
Privileges required
UNKNOWN
Confidentiality impact
UNKNOWN
Integrity impact
UNKNOWN
Availability impact
UNKNOWN

Summary

Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.

Vulnerable Configurations

Part Description Count
Application
Ruby-Lang
646

Common Weakness Enumeration (CWE)

Common Attack Pattern Enumeration and Classification (CAPEC)

  • Signature Spoofing by Key Recreation
    An attacker obtains an authoritative or reputable signer's private signature key by exploiting a cryptographic weakness in the signature algorithm or pseudorandom number generation and then uses this key to forge signatures from the original signer to mislead a victim into performing actions that benefit the attacker.

Nessus

  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-9359.NASL
    descriptionNew version 1.8.7p352 is released, fixing randomization process in forked process (CVE-2011-2686). Also ruby path is fixed to have no duplicate directories on all archs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55677
    published2011-07-26
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55677
    titleFedora 15 : ruby-1.8.7.352-1.fc15 (2011-9359)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were  
    # extracted from Fedora Security Advisory 2011-9359.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(55677);
      script_version("1.8");
      script_cvs_date("Date: 2019/08/02 13:32:35");
    
      script_cve_id("CVE-2011-2686", "CVE-2011-2705");
      script_xref(name:"FEDORA", value:"2011-9359");
    
      script_name(english:"Fedora 15 : ruby-1.8.7.352-1.fc15 (2011-9359)");
      script_summary(english:"Checks rpm output for the updated package.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote Fedora host is missing a security update."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "New version 1.8.7p352 is released, fixing randomization process in
    forked process (CVE-2011-2686). Also ruby path is fixed to have no
    duplicate directories on all archs.
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Fedora security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://bugzilla.redhat.com/show_bug.cgi?id=722415"
      );
      # https://lists.fedoraproject.org/pipermail/package-announce/2011-July/063071.html
      script_set_attribute(
        attribute:"see_also",
        value:"http://www.nessus.org/u?25e2b5e9"
      );
      script_set_attribute(attribute:"solution", value:"Update the affected ruby package.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:fedoraproject:fedora:ruby");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:fedoraproject:fedora:15");
    
      script_set_attribute(attribute:"patch_publication_date", value:"2011/07/16");
      script_set_attribute(attribute:"plugin_publication_date", value:"2011/07/26");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2011-2019 Tenable Network Security, Inc.");
      script_family(english:"Fedora Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/RedHat/release", "Host/RedHat/rpm-list");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("global_settings.inc");
    include("rpm.inc");
    
    if (!get_kb_item("Host/local_checks_enabled")) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/RedHat/release");
    if (isnull(release) || "Fedora" >!< release) audit(AUDIT_OS_NOT, "Fedora");
    os_ver = eregmatch(pattern: "Fedora.*release ([0-9]+)", string:release);
    if (isnull(os_ver)) audit(AUDIT_UNKNOWN_APP_VER, "Fedora");
    os_ver = os_ver[1];
    if (! ereg(pattern:"^15([^0-9]|$)", string:os_ver)) audit(AUDIT_OS_NOT, "Fedora 15.x", "Fedora " + os_ver);
    
    if (!get_kb_item("Host/RedHat/rpm-list")) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Fedora", cpu);
    
    flag = 0;
    if (rpm_check(release:"FC15", reference:"ruby-1.8.7.352-1.fc15")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else
    {
      tested = pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "ruby");
    }
    
  • NASL familySuSE Local Security Checks
    NASL idSUSE_RUBY-8524.NASL
    descriptionThe ruby interpreter received a fix for two security issues : - Ruby
    last seen2020-06-05
    modified2013-04-04
    plugin id65799
    published2013-04-04
    reporterThis script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/65799
    titleSuSE 10 Security Update : ruby (ZYPP Patch Number 8524)
    code
    #%NASL_MIN_LEVEL 80502
    #
    # (C) Tenable Network Security, Inc.
    #
    # The text description of this plugin is (C) Novell, Inc.
    #
    
    if (NASL_LEVEL < 3000) exit(0);
    
    include("compat.inc");
    
    if (description)
    {
      script_id(65799);
      script_version("1.5");
      script_set_attribute(attribute:"plugin_modification_date", value:"2020/06/04");
    
      script_cve_id("CVE-2011-2686", "CVE-2012-4464", "CVE-2012-4466", "CVE-2012-4522", "CVE-2013-1821");
    
      script_name(english:"SuSE 10 Security Update : ruby (ZYPP Patch Number 8524)");
      script_summary(english:"Checks rpm output for the updated package");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:"The remote SuSE 10 host is missing a security-related patch."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "The ruby interpreter received a fix for two security issues :
    
      - Ruby's $SAFE mechanism enables untrusted user codes to
        run in $SAFE >= 4 mode. This is a kind of sandboxing so
        some operations are restricted in that mode to protect
        other data outside the sandbox. (CVE-2012-4466)
    
        The problem found was around this mechanism.
        Exception#to_s, NameError#to_s, and name_err_mesg_to_s()
        interpreter-internal API was not correctly handling the
        $SAFE bits so a String object which is not tainted can
        destructively be marked as tainted using them. By using
        this an untrusted code in a sandbox can modify a
        formerly-untainted string destructively.
    
        http://www.ruby-lang.org/en/news/2012/10/12/cve-2012-446
        4-cve-2012-4466/
    
      - Ruby before 1.8.7-p352 does not reset the random seed
        upon forking, which makes it easier for
        context-dependent attackers to predict the values of
        random numbers by leveraging knowledge of the number
        sequence obtained in a different child process.
        (CVE-2011-2686)
    
      - Fix entity expansion DoS vulnerability in REXML. When
        reading text nodes from an XML document, the REXML
        parser could be coerced into allocating extremely large
        string objects which could consume all available memory
        on the system. (CVE-2013-1821)"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2011-2686.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4464.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4466.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2012-4522.html"
      );
      script_set_attribute(
        attribute:"see_also",
        value:"http://support.novell.com/security/cve/CVE-2013-1821.html"
      );
      script_set_attribute(attribute:"solution", value:"Apply ZYPP patch number 8524.");
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:suse:suse_linux");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2011/08/05");
      script_set_attribute(attribute:"patch_publication_date", value:"2013/03/26");
      script_set_attribute(attribute:"plugin_publication_date", value:"2013/04/04");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"This script is Copyright (C) 2013-2020 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"SuSE Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/local_checks_enabled", "Host/cpu", "Host/SuSE/release", "Host/SuSE/rpm-list");
    
      exit(0);
    }
    
    
    include("global_settings.inc");
    include("rpm.inc");
    
    
    if (!get_kb_item("Host/local_checks_enabled")) exit(0, "Local checks are not enabled.");
    if (!get_kb_item("Host/SuSE/release")) exit(0, "The host is not running SuSE.");
    if (!get_kb_item("Host/SuSE/rpm-list")) exit(1, "Could not obtain the list of installed packages.");
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) exit(1, "Failed to determine the architecture type.");
    if (cpu >!< "x86_64" && cpu !~ "^i[3-6]86$") exit(1, "Local checks for SuSE 10 on the '"+cpu+"' architecture have not been implemented.");
    
    
    flag = 0;
    if (rpm_check(release:"SLED10", sp:4, reference:"ruby-1.8.6.p369-0.14.1")) flag++;
    
    
    if (flag)
    {
      if (report_verbosity > 0) security_warning(port:0, extra:rpm_report_get());
      else security_warning(0);
      exit(0);
    }
    else exit(0, "The host is not affected.");
    
  • NASL familyUbuntu Local Security Checks
    NASL idUBUNTU_USN-1377-1.NASL
    descriptionDrew Yao discovered that the WEBrick HTTP server was vulnerable to cross-site scripting attacks when displaying error pages. A remote attacker could use this flaw to run arbitrary web script. (CVE-2010-0541) Drew Yao discovered that Ruby
    last seen2020-06-01
    modified2020-06-02
    plugin id58146
    published2012-02-28
    reporterUbuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/58146
    titleUbuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)
    code
    #
    # (C) Tenable Network Security, Inc.
    #
    # The descriptive text and package checks in this plugin were
    # extracted from Ubuntu Security Notice USN-1377-1. The text 
    # itself is copyright (C) Canonical, Inc. See 
    # <http://www.ubuntu.com/usn/>. Ubuntu(R) is a registered 
    # trademark of Canonical, Inc.
    #
    
    include("compat.inc");
    
    if (description)
    {
      script_id(58146);
      script_version("1.10");
      script_cvs_date("Date: 2019/09/19 12:54:27");
    
      script_cve_id("CVE-2010-0541", "CVE-2011-0188", "CVE-2011-1004", "CVE-2011-1005", "CVE-2011-2686", "CVE-2011-2705", "CVE-2011-4815");
      script_bugtraq_id(40895, 46458, 46460, 46966, 49015, 51198);
      script_xref(name:"USN", value:"1377-1");
    
      script_name(english:"Ubuntu 10.04 LTS / 10.10 / 11.04 / 11.10 : ruby1.8 vulnerabilities (USN-1377-1)");
      script_summary(english:"Checks dpkg output for updated packages.");
    
      script_set_attribute(
        attribute:"synopsis", 
        value:
    "The remote Ubuntu host is missing one or more security-related
    patches."
      );
      script_set_attribute(
        attribute:"description", 
        value:
    "Drew Yao discovered that the WEBrick HTTP server was vulnerable to
    cross-site scripting attacks when displaying error pages. A remote
    attacker could use this flaw to run arbitrary web script.
    (CVE-2010-0541)
    
    Drew Yao discovered that Ruby's BigDecimal module did not properly
    allocate memory on 64-bit platforms. An attacker could use this flaw
    to cause a denial of service or possibly execute arbitrary code with
    user privileges. (CVE-2011-0188)
    
    Nicholas Jefferson discovered that the FileUtils.remove_entry_secure
    method in Ruby did not properly remove non-empty directories. An
    attacker could use this flaw to possibly delete arbitrary files.
    (CVE-2011-1004)
    
    It was discovered that Ruby incorrectly allowed untainted strings to
    be modified in protective safe levels. An attacker could use this flaw
    to bypass intended access restrictions. (CVE-2011-1005)
    
    Eric Wong discovered that Ruby does not properly reseed its
    pseudorandom number generator when creating child processes. An
    attacker could use this flaw to gain knowledge of the random numbers
    used in other Ruby child processes. (CVE-2011-2686)
    
    Eric Wong discovered that the SecureRandom module in Ruby did not
    properly seed its pseudorandom number generator. An attacker could use
    this flaw to gain knowledge of the random numbers used by another Ruby
    process with the same process ID number. (CVE-2011-2705)
    
    Alexander Klink and Julian Walde discovered that Ruby computed hash
    values without restricting the ability to trigger hash collisions
    predictably. A remote attacker could cause a denial of service by
    crafting values used in hash tables. (CVE-2011-4815).
    
    Note that Tenable Network Security has extracted the preceding
    description block directly from the Ubuntu security advisory. Tenable
    has attempted to automatically clean and format it as much as possible
    without introducing additional issues."
      );
      script_set_attribute(
        attribute:"see_also",
        value:"https://usn.ubuntu.com/1377-1/"
      );
      script_set_attribute(
        attribute:"solution", 
        value:"Update the affected libruby1.8 and / or ruby1.8 packages."
      );
      script_set_cvss_base_vector("CVSS2#AV:N/AC:L/Au:N/C:N/I:N/A:C");
      script_set_cvss_temporal_vector("CVSS2#E:U/RL:OF/RC:C");
      script_set_attribute(attribute:"exploitability_ease", value:"No known exploits are available");
      script_set_attribute(attribute:"exploit_available", value:"false");
    
      script_set_attribute(attribute:"plugin_type", value:"local");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:libruby1.8");
      script_set_attribute(attribute:"cpe", value:"p-cpe:/a:canonical:ubuntu_linux:ruby1.8");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.04:-:lts");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:10.10");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.04");
      script_set_attribute(attribute:"cpe", value:"cpe:/o:canonical:ubuntu_linux:11.10");
    
      script_set_attribute(attribute:"vuln_publication_date", value:"2010/06/17");
      script_set_attribute(attribute:"patch_publication_date", value:"2012/02/27");
      script_set_attribute(attribute:"plugin_publication_date", value:"2012/02/28");
      script_set_attribute(attribute:"generated_plugin", value:"current");
      script_end_attributes();
    
      script_category(ACT_GATHER_INFO);
      script_copyright(english:"Ubuntu Security Notice (C) 2012-2019 Canonical, Inc. / NASL script (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.");
      script_family(english:"Ubuntu Local Security Checks");
    
      script_dependencies("ssh_get_info.nasl");
      script_require_keys("Host/cpu", "Host/Ubuntu", "Host/Ubuntu/release", "Host/Debian/dpkg-l");
    
      exit(0);
    }
    
    
    include("audit.inc");
    include("ubuntu.inc");
    include("misc_func.inc");
    
    if ( ! get_kb_item("Host/local_checks_enabled") ) audit(AUDIT_LOCAL_CHECKS_NOT_ENABLED);
    release = get_kb_item("Host/Ubuntu/release");
    if ( isnull(release) ) audit(AUDIT_OS_NOT, "Ubuntu");
    release = chomp(release);
    if (! preg(pattern:"^(10\.04|10\.10|11\.04|11\.10)$", string:release)) audit(AUDIT_OS_NOT, "Ubuntu 10.04 / 10.10 / 11.04 / 11.10", "Ubuntu " + release);
    if ( ! get_kb_item("Host/Debian/dpkg-l") ) audit(AUDIT_PACKAGE_LIST_MISSING);
    
    cpu = get_kb_item("Host/cpu");
    if (isnull(cpu)) audit(AUDIT_UNKNOWN_ARCH);
    if ("x86_64" >!< cpu && cpu !~ "^i[3-6]86$") audit(AUDIT_LOCAL_CHECKS_NOT_IMPLEMENTED, "Ubuntu", cpu);
    
    flag = 0;
    
    if (ubuntu_check(osver:"10.04", pkgname:"libruby1.8", pkgver:"1.8.7.249-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"10.04", pkgname:"ruby1.8", pkgver:"1.8.7.249-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"libruby1.8", pkgver:"1.8.7.299-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"10.10", pkgname:"ruby1.8", pkgver:"1.8.7.299-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"libruby1.8", pkgver:"1.8.7.302-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.04", pkgname:"ruby1.8", pkgver:"1.8.7.302-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"libruby1.8", pkgver:"1.8.7.352-2ubuntu0.1")) flag++;
    if (ubuntu_check(osver:"11.10", pkgname:"ruby1.8", pkgver:"1.8.7.352-2ubuntu0.1")) flag++;
    
    if (flag)
    {
      security_report_v4(
        port       : 0,
        severity   : SECURITY_HOLE,
        extra      : ubuntu_report_get()
      );
      exit(0);
    }
    else
    {
      tested = ubuntu_pkg_tests_get();
      if (tested) audit(AUDIT_PACKAGE_NOT_AFFECTED, tested);
      else audit(AUDIT_PACKAGE_NOT_INSTALLED, "libruby1.8 / ruby1.8");
    }
    
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20120130_RUBY_ON_SL4_X.NASL
    descriptionRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A denial of service flaw was found in the implementation of associative arrays (hashes) in Ruby. An attacker able to supply a large number of inputs to a Ruby application (such as HTTP POST request parameters sent to a web application) that are used as keys when inserting data into an array could trigger multiple hash function collisions, making array operations take an excessive amount of CPU time. To mitigate this issue, randomization has been added to the hash function to reduce the chance of an attacker successfully causing intentional collisions. (CVE-2011-4815) It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) All users of ruby are advised to upgrade to these updated packages, which contain backported patches to resolve these issues.
    last seen2020-03-18
    modified2012-08-01
    plugin id61228
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61228
    titleScientific Linux Security Update : ruby on SL4.x, SL5.x i386/x86_64 (20120130)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_4_RUBY-120117.NASL
    descriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here : http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog The particularly noteworthy fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks (CVE-2011-4815). For this OpenSSL::Random.seed at the SecureRandom.random_bytes is used if available. - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - initialize store->ex_data.sk. - some IPv6 related fixes - zlib fixes - reinitialize PRNG when forking children (CVE-2011-2686/CVE-2011-3009) - securerandom fixes (CVE-2011-2705) - uri route_to fixes - fix race condition with variables and autoload
    last seen2020-06-05
    modified2014-06-13
    plugin id76015
    published2014-06-13
    reporterThis script is Copyright (C) 2014-2020 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/76015
    titleopenSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_RUBY-187P357-120127.NASL
    descriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog . The most important fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815) - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - Initialize store->ex_data.sk. - Several IPv6 related fixes. - Fixes for zlib. - Reinitialize PRNG when forking children. (CVE-2011-2686 / CVE-2011-3009) - Fixes to securerandom. (CVE-2011-2705) - Fix uri route_to - Fix race condition with variables and autoload.
    last seen2020-06-05
    modified2012-02-06
    plugin id57841
    published2012-02-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57841
    titleSuSE 11.1 Security Update : ruby (SAT Patch Number 5716)
  • NASL familyScientific Linux Local Security Checks
    NASL idSL_20111206_RUBY_ON_SL6_X.NASL
    descriptionRuby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted). (CVE-2011-3009) A flaw was found in the Ruby SecureRandom module. When using the SecureRandom.random_bytes class, the PRNG state was not modified after forking a child process. This could eventually lead to SecureRandom.random_bytes returning the same string more than once. An attacker keeping track of the strings returned by one child process could use this flaw to predict the strings SecureRandom.random_bytes would return in other child processes (as long as the parent process persisted). (CVE-2011-2705) This update also fixes the following bugs : - The ruby package has been upgraded to upstream point release 1.8.7-p352, which provides a number of bug fixes over the previous version. - The MD5 message-digest algorithm is not a FIPS-approved algorithm. Consequently, when a Ruby script attempted to calculate an MD5 checksum in FIPS mode, the interpreter terminated unexpectedly. This bug has been fixed and an exception is now raised in the described scenario. - Due to inappropriately handled line continuations in the mkconfig.rb source file, an attempt to build the ruby package resulted in unexpected termination. An upstream patch has been applied to address this issue and the ruby package can now be built properly. - When the 32-bit ruby-libs library was installed on a 64-bit machine, the mkmf library failed to load various modules necessary for building Ruby-related packages. This bug has been fixed and mkmf now works properly in the described scenario. - Previously, the load paths for scripts and binary modules were duplicated on the i386 architecture. Consequently, an ActiveSupport test failed. With this update, the load paths are no longer stored in duplicates on the i386 architecture. This update also adds the following enhancement : - With this update, SystemTap probes have been added to the ruby package. All users of ruby are advised to upgrade to these updated packages, which resolve these issues and add this enhancement.
    last seen2020-06-01
    modified2020-06-02
    plugin id61197
    published2012-08-01
    reporterThis script is Copyright (C) 2012-2019 and is owned by Tenable, Inc. or an Affiliate thereof.
    sourcehttps://www.tenable.com/plugins/nessus/61197
    titleScientific Linux Security Update : ruby on SL6.x i386/x86_64
  • NASL familySuSE Local Security Checks
    NASL idSUSE_11_RUBY-187P357-120126.NASL
    descriptionThis update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes while maintaining full compatibility with the previous version. A detailailed list of changes is available from http://svn.ruby-lang.org/repos/ruby/tags/v1_8_7_357/ChangeLog . The most important fixes are : - Hash functions are now using a randomized seed to avoid algorithmic complexity attacks. If available, OpenSSL::Random.seed at the SecureRandom.random_bytes is used to achieve this. (CVE-2011-4815) - mkconfig.rb: fix for continued lines. - Fix Infinity to be greater than any bignum number. - Initialize store->ex_data.sk. - Several IPv6 related fixes. - Fixes for zlib. - Reinitialize PRNG when forking children. (CVE-2011-2686 / CVE-2011-3009) - Fixes to securerandom. (CVE-2011-2705) - Fix uri route_to - Fix race condition with variables and autoload.
    last seen2020-06-05
    modified2012-02-06
    plugin id57840
    published2012-02-06
    reporterThis script is Copyright (C) 2012-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/57840
    titleSuSE 11.1 Security Update : ruby (SAT Patch Number 5716)
  • NASL familyFedora Local Security Checks
    NASL idFEDORA_2011-9374.NASL
    descriptionNew version 1.8.7p352 is released, fixing randomization process in forked process (CVE-2011-2686). Also ruby path is fixed to have no duplicate directories on all archs. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-06-01
    modified2020-06-02
    plugin id55678
    published2011-07-26
    reporterThis script is Copyright (C) 2011-2019 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/55678
    titleFedora 14 : ruby-1.8.7.352-1.fc14 (2011-9374)
  • NASL familyDebian Local Security Checks
    NASL idDEBIAN_DLA-88.NASL
    descriptionThis update fixes multiple local and remote denial of service and remote code execute problems : CVE-2011-0188 Properly allocate memory, to prevent arbitrary code execution or application crash. Reported by Drew Yao. CVE-2011-2686 Reinitialize the random seed when forking to prevent CVE-2003-0900 like situations. CVE-2011-2705 Modify PRNG state to prevent random number sequence repeatation at forked child process which has same pid. Reported by Eric Wong. CVE-2011-4815 Fix a problem with predictable hash collisions resulting in denial of service (CPU consumption) attacks. Reported by Alexander Klink and Julian Waelde. CVE-2014-8080 Fix REXML parser to prevent memory consumption denial of service via crafted XML documents. Reported by Willis Vandevanter. CVE-2014-8090 Add REXML::Document#document to complement the fix for CVE-2014-8080. Reported by Tomas Hoger. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues.
    last seen2020-03-17
    modified2015-03-26
    plugin id82233
    published2015-03-26
    reporterThis script is Copyright (C) 2015-2020 Tenable Network Security, Inc.
    sourcehttps://www.tenable.com/plugins/nessus/82233
    titleDebian DLA-88-1 : ruby1.8 security update

Seebug

bulletinFamilyexploit
descriptionBUGTRAQ ID: 49015 CVE ID: CVE-2011-2686 Ruby是一种功能强大的面向对象的脚本语言。 Ruby在处理随机数字生成的实现上存在本地拒绝服务漏洞,本地攻击者可利用此漏洞造成拒绝服务。 Yukihiro Matsumoto Ruby 1.8.7 x 厂商补丁: Yukihiro Matsumoto ------------------ 目前厂商已经发布了升级补丁以修复这个安全问题,请到厂商的主页下载: http://www.ruby-lang.org/
idSSV:20813
last seen2017-11-19
modified2011-08-06
published2011-08-06
reporterRoot
sourcehttps://www.seebug.org/vuldb/ssvid-20813
titleRuby随机数字生成本地拒绝服务漏洞