CVSS2: 5 Medium
Access Vector: NETWORK
Access Complexity: LOW
Authentication: NONE
Confidentiality Impact: PARTIAL
Integrity Impact: NONE
Availability Impact: NONE
Vector: AV:N/AC:L/Au:N/C:P/I:N/A:N
Ruby is vulnerable to information disclosure. It was found that Ruby did not reinitialize the PRNG (pseudorandom number generator) after forking a child process. This could eventually lead to the PRNG returning the same result twice. An attacker keeping track of the values returned by one child process could use this flaw to predict the values the PRNG would return in other child processes (as long as the parent process persisted).
redmine.ruby-lang.org/issues/show/4338
rhn.redhat.com/errata/RHSA-2012-0070.html
www.openwall.com/lists/oss-security/2011/07/20/1
www.redhat.com/support/errata/RHSA-2011-1581.html
www.securityfocus.com/bid/49126
access.redhat.com/errata/RHSA-2011:1581
access.redhat.com/security/updates/classification/#low
exchange.xforce.ibmcloud.com/vulnerabilities/69157
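
Whether a given Ruby build reinitializes the PRNG after fork, as the description above requires, can be checked by forking children and comparing what each one draws. This is an added example, not code from the advisory or the Ruby project; the helper names and the seed are hypothetical. It goes beyond the advisory's case by also showing that a Random instance held by the application is copied into every child unchanged, next to a per-child SecureRandom draw.

```ruby
require 'securerandom'

# Fork `count` children (POSIX only); each evaluates the block once and
# sends the result back to the parent over a pipe.
def values_from_children(count)
  Array.new(count) do
    reader, writer = IO.pipe
    pid = fork do
      reader.close
      writer.write(yield.to_s)
      writer.close
      exit!(0) # skip at_exit handlers inherited from the parent
    end
    writer.close
    value = reader.read
    reader.close
    Process.wait(pid)
    value
  end
end

# True when no two children produced the same value.
def distinct_across_children?(count = 4, &draw)
  values = values_from_children(count, &draw)
  values.uniq.size == values.size
end

# Runs the three cases and returns the results as a hash.
def fork_prng_report
  rand # initialise the parent's default PRNG before forking, as in the flaw
  shared = Random.new(1234) # constructed seed; this object's state is copied by fork
  {
    # Default PRNG: distinct only if the interpreter reseeds it in the child.
    kernel_rand:   distinct_across_children?(4) { rand(2**64) },
    # Application-held instance: every child starts from the same copied state.
    shared_random: distinct_across_children?(4) { shared.rand(2**64) },
    # Drawn from the OS in each child, independent of inherited state.
    secure_random: distinct_across_children?(4) { SecureRandom.random_number(2**64) }
  }
end

puts fork_prng_report.inspect if __FILE__ == $PROGRAM_NAME
```

On a build with the flaw, `kernel_rand` would come back `false` as well. Code that forks workers should create or reseed any `Random` object inside the child, or use `SecureRandom` for values that must not be predictable.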