CVE-2011-0539
OpenSSH 5.6-5.7 - Information Disclosure via Uninitialized Nonce in Legacy Certificate Generation
Title source: llmDescription
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
References (10)
Core 10
Core References
Mailing List mailing-list
x_refsource_mlist
http://www.openwall.com/lists/oss-security/2011/02/04/2
Third Party Advisory, VDB Entry vdb-entry
x_refsource_sectrack
http://www.securitytracker.com/id?1025028
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/46155
Vendor Advisory x_refsource_confirm
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
Vendor Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2011/0284
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/43181
Vendor Advisory vendor-advisory
x_refsource_hp
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
Third Party Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/44269
Patch, Vendor Advisory x_refsource_confirm
http://www.openssh.com/txt/legacy-cert.adv
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
Scores
EPSS
0.0127
EPSS Percentile
79.8%
Details
CWE
CWE-264
Status
published
Products (2)
openbsd/openssh
5.6
openbsd/openssh
5.7
Published
Feb 10, 2011
Tracked Since
Feb 18, 2026