CVE-2011-4121

Published: 26 November 2019

The OpenSSL extension of Ruby (Git trunk) versions after 2011-09-01 up to 2011-11-03 always generated an exponent value of '1' to be used for private RSA key generation. A remote attacker could use this flaw to bypass or corrupt integrity of services, depending on strong private RSA keys generation mechanism.

Priority

High

CVSS 3 base score: 9.8

Status

Notes

ruby1.8 and ruby1.9 not affected. ruby1.9.1 only affected. This
seems to only be a problem in a pre-release version of ruby 1.9.4.0
introduced in http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33155
fix is http://svn.ruby-lang.org/cgi-bin/viewvc.cgi?view=revision&revision=33633

References

• https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-4121
• NVD
• Launchpad
• Debian

Bugs

• https://bugzilla.redhat.com/show_bug.cgi?id=751800