Vulnerability Description
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
CVSS Score
MEDIUM
Affected Products
| Vendor | Product | Versions |
|---|---|---|
| Openbsd | Openssh | 5.6 |
Related Weaknesses (CWE)
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://secunia.com/advisories/43181Vendor Advisory
- http://secunia.com/advisories/44269
- http://www.openssh.com/txt/legacy-cert.advPatchVendor Advisory
- http://www.openwall.com/lists/oss-security/2011/02/04/2
- http://www.securityfocus.com/bid/46155
- http://www.securitytracker.com/id?1025028
- http://www.vupen.com/english/advisories/2011/0284Vendor Advisory
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://secunia.com/advisories/43181Vendor Advisory
- http://secunia.com/advisories/44269
- http://www.openssh.com/txt/legacy-cert.advPatchVendor Advisory
FAQ
What is CVE-2011-0539?
CVE-2011-0539 is a vulnerability with a CVSS score of 5.0 (MEDIUM). The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which mig...
How severe is CVE-2011-0539?
CVE-2011-0539 has been rated MEDIUM with a CVSS base score of 5.0/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2011-0539?
Check the references section above for vendor advisories and patch information. Affected products include: Openbsd Openssh.