CVE-2011-0539

EUVD-2011-0557
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTPrimary
5 UNKNOWN
NETWORK
LOW
AV:N/AC:L/Au:N/C:P/I:N/A:N
Base Score
CVSS 3.x
EPSS Score
Percentile: 82%
Affected Products (NVD)
VendorProductVersion
openbsdopenssh
5.6
openbsdopenssh
5.7
𝑥
= Vulnerable software versions
Debian logo
Debian Releases
Debian Product
Codename
openssh
bookworm
1:9.2p1-2+deb12u3
fixed
bookworm (security)
1:9.2p1-2+deb12u3
fixed
bullseye
1:8.4p1-5+deb11u3
fixed
bullseye (security)
1:8.4p1-5+deb11u3
fixed
lenny
not-affected
sid
1:9.9p1-3
fixed
squeeze
not-affected
trixie
1:9.9p1-3
fixed
Ubuntu logo
Ubuntu Releases
Ubuntu Product
Codename
openssh
dapper
not-affected
hardy
not-affected
karmic
not-affected
lucid
not-affected
maverick
not-affected
Common Weakness Enumeration
References
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://secunia.com/advisories/43181
http://secunia.com/advisories/44269
http://www.openssh.com/txt/legacy-cert.adv
http://www.openwall.com/lists/oss-security/2011/02/04/2
http://www.securityfocus.com/bid/46155
http://www.securitytracker.com/id?1025028
http://www.vupen.com/english/advisories/2011/0284
https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
http://secunia.com/advisories/43181
http://secunia.com/advisories/44269
http://www.openssh.com/txt/legacy-cert.adv
http://www.openwall.com/lists/oss-security/2011/02/04/2
http://www.securityfocus.com/bid/46155
http://www.securitytracker.com/id?1025028
http://www.vupen.com/english/advisories/2011/0284
https://exchange.xforce.ibmcloud.com/vulnerabilities/65163