CVE-2011-0539

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Configurations

Configuration 1

OR

  • cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
  • cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*

History

No history.

Information

Published : 2011-02-10 18:00

Updated : 2024-02-28 11:41


NVD link : CVE-2011-0539

Mitre link : CVE-2011-0539

CVE.ORG link : CVE-2011-0539



Products Affected

openbsd

  • openssh

CWE

CWE-264

Permissions, Privileges, and Access Controls