Vulnerability Details CVE-2011-0539
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Exploit prediction scoring system (EPSS) score
EPSS Score 0.015
EPSS Ranking 80.5%
CVSS Severity
CVSS v2 Score 5.0
References
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://secunia.com/advisories/43181
- http://secunia.com/advisories/44269
- http://www.openssh.com/txt/legacy-cert.adv
- http://www.openwall.com/lists/oss-security/2011/02/04/2
- http://www.securityfocus.com/bid/46155
- http://www.securitytracker.com/id?1025028
- http://www.vupen.com/english/advisories/2011/0284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
- http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
- http://secunia.com/advisories/43181
- http://secunia.com/advisories/44269
- http://www.openssh.com/txt/legacy-cert.adv
- http://www.openwall.com/lists/oss-security/2011/02/04/2
- http://www.securityfocus.com/bid/46155
- http://www.securitytracker.com/id?1025028
- http://www.vupen.com/english/advisories/2011/0284
- https://exchange.xforce.ibmcloud.com/vulnerabilities/65163