CVE-2011-0539 — Openssh vulnerability

CWE-2648 documents7 sources

Severity

5.0MEDIUMNVD

EPSS

1.3%

top 20.44%

CISA KEV

Not in KEV

Exploit

No known exploits

Affected products

Openbsd Openssh

Timeline

PublishedFeb 10

Latest updateMay 17

Description

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.

CVSS vector

AV:N/AC:L/C:P/I:N/A:NExploitability: 10.0 | Impact: 2.9

Affected Packages2 packages

▶Debianopenbsd/openssh< 1:5.8p1-2+3

▶NVDopenbsd/openssh5.6, 5.7+1

Patches

Patch: www.openssh.com ↗Patch: www.openssh.com ↗

🔴Vulnerability Details

GHSA

GHSA-395x-3x8q-mv38: The key_certify function in usr↗2022-05-17

▶

OSV

CVE-2011-0539: The key_certify function in usr↗2011-02-10

▶

CVEList

CVE-2011-0539: The key_certify function in usr↗2011-02-10

▶

📋Vendor Advisories

Red Hat

OpenSSH: legacy certificate generation information leak↗2011-02-04

▶

Debian

CVE-2011-0539: openssh - The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when gener...↗2011

▶

💬Community

Bugzilla

CVE-2011-0539 OpenSSH: legacy certificate generation information leak [fedora-15]↗2011-07-01

▶

Bugzilla

CVE-2011-0539 OpenSSH: legacy certificate generation information leak↗2011-02-04

▶