CVE-2011-4121
Published: 26 November 2019
The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt the integrity of services that depend on a strong private RSA key generation mechanism.
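The defect worked through as an added example (this is not code from the CVE record or from Ruby's OpenSSL extension): a key-acceptance check that rejects a public exponent of 1, and textbook RSA on constructed toy primes showing why e = 1 is fatal, since m^1 mod n is just m and the private exponent d = e^-1 mod phi(n) is also 1. The function names and the toy primes 61 and 53 are assumptions chosen for illustration.

```ruby
require 'openssl'

# Added example, not part of the CVE page or of Ruby's OpenSSL extension.
# A validator for the public exponent of an RSA key: rejects e = 1 (the
# CVE-2011-4121 defect), any even value, and anything below 3. Accepts
# OpenSSL::BN or Integer.
def weak_rsa_exponent?(e)
  e = e.to_i
  e < 3 || e.even?
end

# Convenience wrapper for an OpenSSL::PKey::RSA object.
def weak_rsa_key?(key)
  weak_rsa_exponent?(key.e)
end

# Textbook RSA encryption c = m^e mod n using OpenSSL::BN arithmetic.
# With e = 1 this collapses to c = m for every message m < n.
def toy_rsa_encrypt(m, e, n)
  OpenSSL::BN.new(m.to_s)
             .mod_exp(OpenSSL::BN.new(e.to_s), OpenSSL::BN.new(n.to_s))
             .to_i
end

# Private exponent d = e^-1 mod (p-1)(q-1). With e = 1, d is 1 as well,
# so the "private" key is trivially known to anyone holding the public key.
def toy_private_exponent(e, p, q)
  phi = (p - 1) * (q - 1)
  OpenSSL::BN.new(e.to_s).mod_inverse(OpenSSL::BN.new(phi.to_s)).to_i
end

if __FILE__ == $0
  # Constructed toy parameters: p = 61, q = 53, n = 3233, phi(n) = 3120.
  p, q = 61, 53
  n = p * q
  m = 65
  [1, 17].each do |e|
    puts "e=#{e}: weak=#{weak_rsa_exponent?(e)} " \
         "c=#{toy_rsa_encrypt(m, e, n)} d=#{toy_private_exponent(e, p, q)}"
  end
  # A key generated by a non-defective OpenSSL uses e = 65537 and passes.
  key = OpenSSL::PKey::RSA.new(2048)
  puts "generated key exponent #{key.e}, weak=#{weak_rsa_key?(key)}"
end
```

Running the script prints c = 65 and d = 1 for e = 1 (the ciphertext equals the plaintext), against c = 2790 and d = 2753 for e = 17; a freshly generated key with e = 65537 passes the check. The same `weak_rsa_exponent?` test can be applied to keys read from PEM files with `OpenSSL::PKey::RSA.new(File.read(path))` when auditing keys produced during the affected window.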
Notes
Author | Note |
---|---|
jdstrand | ruby1.8 and ruby1.9 not affected. ruby1.9.1 only affected. This seems to only be a problem in a pre-release version of ruby 1.9.4.0 introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155 fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633 |
Priority
Severity score breakdown
Parameter | Value |
---|---|
Base score | 9.8 |
Attack vector | Network |
Attack complexity | Low |
Privileges required | None |
User interaction | None |
Scope | Unchanged |
Confidentiality | High |
Integrity impact | High |
Availability impact | High |
Vector | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |