Your submission was sent successfully! Close

CVE-2011-4121

Published: 26 November 2019

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.

Priority

High

CVSS 3 base score: 9.8

Status

Package Release Status
ruby1.9.1
Launchpad, Ubuntu, Debian
hardy Does not exist

lucid Not vulnerable

maverick Not vulnerable

natty Not vulnerable

oneiric Not vulnerable

upstream Needs triage

Notes

AuthorNote
jdstrand
ruby1.8 and ruby1.9 not affected. ruby1.9.1 only affected. This
seems to only be a problem in a pre-release version of ruby 1.9.4.0
introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155
fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633

References

Bugs