CVE-2011-0539
published 2011-02-10
Priority: P3 · 37 · high · 7.5 (CVSS 3.1)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
EPSS: 1.80% (75.7th percentile)
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Affected
7 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| debian | openssh | < openssh 1:5.8p1-2 (bookworm) | openssh 1:5.8p1-2 (bookworm) |
| openbsd | openssh | — | — |
| openbsd | openssh | — | — |
| openbsd | openssh | >= 0 < 1:5.8p1-2 | 1:5.8p1-2 |
| openbsd | openssh | >= 0 < 1:5.8p1-2 | 1:5.8p1-2 |
| openbsd | openssh | >= 0 < 1:5.8p1-2 | 1:5.8p1-2 |
| openbsd | openssh | >= 0 < 1:5.8p1-2 | 1:5.8p1-2 |
CVSS provenance
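| Source | Version | Score | Severity | Vector |
|---|---|---|---|---|
| nvd | v3.1 | 7.5 | HIGH | CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N |
| nvd | v2.0 | 5.0 | MEDIUM | AV:N/AC:L/Au:N/C:P/I:N/A:N |
| osv | | 5.0 | MEDIUM | |
| vendor_debian | | 5.0 | MEDIUM | |
| vendor_redhat | | 5.0 | MEDIUM | |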
VulDB
OpenSSH 5.6/5.7 Legacy Certificate access control (Nessus ID 51920 / ID 216077)
vuldb·2026-05-29·CVSS 7.5
CVE-2011-0539 [HIGH] OpenSSH 5.6/5.7 Legacy Certificate access control (Nessus ID 51920 / ID 216077)
A vulnerability marked as problematic has been reported in OpenSSH 5.6/5.7. This affects an unknown part of the component Legacy Certificate Handler. Performing a manipulation as part of Legacy Certificate results in improper access controls.
This vulnerability is identified as CVE-2011-0539. The attack can only be performed from the local network. There is not any exploit available.
It is suggested to install a patch to address this issue.
GHSA
GHSA-395x-3x8q-mv38: The key_certify function in usr
ghsa_unreviewed·2022-05-17
CVE-2011-0539 [MEDIUM] GHSA-395x-3x8q-mv38: The key_certify function in usr
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
OSV
CVE-2011-0539: The key_certify function in usr
osv·2011-02-10·CVSS 5.0
CVE-2011-0539 [MEDIUM] CVE-2011-0539: The key_certify function in usr
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Red Hat
OpenSSH: legacy certificate generation information leak
vendor_redhat·2011-02-04·CVSS 5.0
CVE-2011-0539 [MEDIUM] OpenSSH: legacy certificate generation information leak
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Statement: Not vulnerable. This issue did not affect the versions of openssh as shipped with Red Hat Enterprise Linux 4, 5, or 6.
Package: openssh (Red Hat Enterprise Linux 4) - Not affected
Package: openssh (Red Hat Enterprise Linux 5) - Not affected
Package: openssh (Red Hat Enterprise Linux 6) - Not affected
Debian
CVE-2011-0539: openssh - The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when gener...
vendor_debian·2011·CVSS 5.0
CVE-2011-0539 [MEDIUM] CVE-2011-0539: openssh - The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when gener...
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Scope: local
bookworm: resolved (fixed in 1:5.8p1-2)
bullseye: resolved (fixed in 1:5.8p1-2)
forky: resolved (fixed in 1:5.8p1-2)
sid: resolved (fixed in 1:5.8p1-2)
trixie: resolved (fixed in 1:5.8p1-2)
No detection rules found.
No public exploits indexed.
Bugzilla
CVE-2011-0539 OpenSSH: legacy certificate generation information leak [fedora-15]
bugzilla·2011-07-01·CVSS 5.0
CVE-2011-0539 [MEDIUM] CVE-2011-0539 OpenSSH: legacy certificate generation information leak [fedora-15]
fedora-15 tracking bug for openssh: see blocks bug list for full details of the security issue(s).
This bug is never intended to be made public, please put any public notes
in the 'blocks' bugs.
[bug automatically created by: add-tracking-bugs]
Discussion:
The blocks bug is closed without listing Fedora. Security scanners are now listing 5.6 as a vulnerability due to this problem. Will there be an update to 5.8 in F15, or should I leave the port closed until a scheduled upgrade can be done?
---
Do you use the legacy *[email protected] certificates? If not, then you're not vulnerable. This is an extremely low-impact vulnerability without any known attack. It does not make much sense to update to
Bugzilla
CVE-2011-0539 OpenSSH: legacy certificate generation information leak
bugzilla·2011-02-04·CVSS 5.0
CVE-2011-0539 [MEDIUM] CVE-2011-0539 OpenSSH: legacy certificate generation information leak
From the upstream advisory:
http://www.openssh.com/txt/legacy-cert.adv
When generating legacy *[email protected] certificates,
the nonce field was not being correctly filled with random
data but was left uninitialised, containing the contents of
the stack.
The contents of the stack at this point in ssh-keygen's
execution do not appear to leak the CA private key or other
sensitive data, but this possibility cannot be excluded on
all platforms and library versions.
If certificates are generated using user-specified contents
(as opposed to the CA specifying all fields) then they will
be less resistant to hash collision attacks. Fortunately,
such attacks are not currently considered practical for the
SHA family of ha
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://secunia.com/advisories/43181
http://secunia.com/advisories/44269
http://www.openssh.com/txt/legacy-cert.adv
http://www.openwall.com/lists/oss-security/2011/02/04/2
http://www.securityfocus.com/bid/46155
http://www.securitytracker.com/id?1025028
http://www.vupen.com/english/advisories/2011/0284
https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
Published: 2011-02-10