CVE-2003-0900
Published 2003-12-31
CVE-2003-0900: Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
Priority P414 · medium · 5 · CVSS 2.0
AV:N/AC:L/Au:N/C:P/I:N/A:N
EPSS: 1.24% (65.4th percentile)
Affected
18 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | perl | < perl 5.8.2 (bookworm) | perl 5.8.2 (bookworm) |
| larry_wall | perl | — | — |
| perl | perl | >= 0 < 5.8.2 | 5.8.2 |
| perl | perl | >= 0 < 5.8.2 | 5.8.2 |
| perl | perl | >= 0 < 5.8.2 | 5.8.2 |
| perl | perl | >= 0 < 5.8.2 | 5.8.2 |
| ruby-lang | ruby | <= 1.8.6 | — |
| ruby-lang | ruby | <= 1.8.7-334 | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
| ruby-lang | ruby | — | — |
CVSS provenance
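| Source | CVSS version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |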
Red Hat
ruby: Properly initialize the random number generator when forking new process
vendor_redhat·2011-07-02·CVSS 5.0
CVE-2011-2686 [MEDIUM] ruby: Properly initialize the random number generator when forking new process
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
Package: ruby (Red Hat Enterprise Linux 4) - Affected
Package: ruby (Red Hat Enterprise Linux 5) - Affected
Package: ruby (Red Hat Enterprise Linux 6) - Affected
Red Hat
ruby: Properly initialize the random number generator when forking new process
vendor_redhat·2011-07-02·CVSS 5.0
CVE-2011-3009 [MEDIUM] ruby: Properly initialize the random number generator when forking new process
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
Statement: The Red Hat Security Response Team has rated this issue as having low security impact; a future update may address this flaw in Red Hat Enterprise Linux 4 and 5.
Debian
CVE-2003-0900: perl - Perl 5.8.1 on Fedora Core does not properly initialize the random number generat...
vendor_debian·2003·CVSS 5.0
CVE-2003-0900 [MEDIUM] CVE-2003-0900: perl - Perl 5.8.1 on Fedora Core does not properly initialize the random number generat...
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
Scope: local
bookworm: resolved (fixed in 5.8.2)
bullseye: resolved (fixed in 5.8.2)
forky: resolved (fixed in 5.8.2)
sid: resolved (fixed in 5.8.2)
trixie: resolved (fixed in 5.8.2)
GHSA
GHSA-g8g6-3p4h-6388: Ruby before 1
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-2686 [MEDIUM] GHSA-g8g6-3p4h-6388: Ruby before 1
Ruby before 1.8.7-p352 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900. NOTE: this issue exists because of a regression during Ruby 1.8.6 development.
GHSA
GHSA-mg6g-jwh6-pwjf: Ruby before 1
ghsa_unreviewed·2022-05-17·CVSS 5.0
CVE-2011-3009 [MEDIUM] GHSA-mg6g-jwh6-pwjf: Ruby before 1
Ruby before 1.8.6-p114 does not reset the random seed upon forking, which makes it easier for context-dependent attackers to predict the values of random numbers by leveraging knowledge of the number sequence obtained in a different child process, a related issue to CVE-2003-0900.
GHSA
GHSA-x75m-p75h-4759: Perl 5
ghsa_unreviewed·2022-04-29
CVE-2003-0900 [MEDIUM] GHSA-x75m-p75h-4759: Perl 5
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
OSV
CVE-2003-0900: Perl 5
osv·2003-12-31·CVSS 5.0
CVE-2003-0900 [MEDIUM] CVE-2003-0900: Perl 5
Perl 5.8.1 on Fedora Core does not properly initialize the random number generator when forking, which makes it easier for attackers to predict random numbers.
No detection rules found.
No public exploits indexed.
Published: 2003-12-31