CVE-2011-4121

Published: 26 November 2019

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.

Notes

ruby1.8 and ruby1.9 not affected. ruby1.9.1 only affected. This
seems to only be a problem in a pre-release version of ruby 1.9.4.0
introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155
fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633

Priority

High

CVSS 3 base score: 9.8

Status

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4121
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=751800