Release date:
Updated on:
Affected Systems:
Yukihiro Matsumoto Ruby 1.8.7 x
Unaffected system:
Yukihiro Matsumoto Ruby 1.8.7-p352
Description:
--------------------------------------------------------------------------------
Bugtraq ID: 49015
CVE ID: CVE-2011-2686
Ruby is a powerful object-oriented scripting language.
Ruby's implementation of random number handling contains a local denial-of-service vulnerability. A local attacker can exploit it to cause a denial of service.
<* Source: Meltem Parmaksiz
Link: http://bugs.pardus.org.tr/show_bug.cgi?id=18694
*>
Test method:
--------------------------------------------------------------------------------
Alert
The following procedures (methods) may be offensive and are intended only for security research and teaching. Use them at your own risk!
48978.py
Suggestion:
--------------------------------------------------------------------------------
Vendor patch:
Yukihiro Matsumoto
------------------
The vendor has released a patch to fix this security problem. Please download it from the vendor's homepage:
http://www.ruby-lang.org/
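
To confirm which hosts still need the vendor patch, the following added example (not part of the original advisory or of the vendor's code) classifies collected `ruby -v` banners against the affected and unaffected versions listed above. It assumes that every 1.8.7 patchlevel below 352 is affected; the host names and banner strings are constructed sample data.

```ruby
# Added example: classify `ruby -v` banners against this advisory's version lists.
# Assumption: within the 1.8.7 series, any patchlevel below 352 is affected.

ADVISORY_SERIES  = "1.8.7" # series named under "Affected Systems"
FIXED_PATCHLEVEL = 352     # release named under "Unaffected system"

# Returns :affected, :fixed, :not_listed (series the advisory does not mention)
# or :unparsed (banner needs manual review).
def classify_banner(banner)
  text = banner.to_s.strip
  version = text[/\Aruby (\d+\.\d+\.\d+)/, 1]
  return :unparsed unless version
  return :not_listed unless version == ADVISORY_SERIES

  # 1.8.7 banners look like:
  #   ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]
  patchlevel = text[/patchlevel (\d+)\)/, 1]
  return :unparsed unless patchlevel

  patchlevel.to_i < FIXED_PATCHLEVEL ? :affected : :fixed
end

# Constructed inventory: host name => output of `ruby -v` on that host.
SAMPLE_INVENTORY = {
  "build01" => "ruby 1.8.7 (2010-08-16 patchlevel 302) [i686-linux]",
  "web02"   => "ruby 1.8.7 (2011-06-30 patchlevel 352) [x86_64-linux]",
  "app03"   => "ruby 1.9.3p194 (2012-04-20 revision 35410) [x86_64-linux]",
  "legacy4" => "ruby: command not found"
}.freeze

# Maps every host in the inventory to its classification.
def audit(inventory)
  inventory.each_with_object({}) do |(host, banner), report|
    report[host] = classify_banner(banner)
  end
end

if __FILE__ == $0
  audit(SAMPLE_INVENTORY).each do |host, status|
    puts format("%-8s %s", host, status)
  end
end
```

Hosts reported as `:unparsed` or `:not_listed` are outside what this advisory states and should be checked against the vendor's own release notes.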