CVE-2011-0539 : The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when gener

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.

Published 2011-02-10 18:00:58

Updated 2017-08-17 01:33:37

Source Red Hat, Inc.

View at NVD, CVE.org

Products affected by CVE-2011-0539

Openbsd » Openssh » Version: 5.7
cpe:2.3:a:openbsd:openssh:5.7:*:*:*:*:*:*:*
Matching versions
Openbsd » Openssh » Version: 5.6
cpe:2.3:a:openbsd:openssh:5.6:*:*:*:*:*:*:*
Matching versions

Threat overview for CVE-2011-0539

Top countries where our scanners detected CVE-2011-0539

Top open port discovered on systems with this issue 22

IPs affected by CVE-2011-0539 9,132

Threat actors abusing to this issue? Yes

Find out if you^* are affected by CVE-2011-0539!

^*Directly or indirectly through your vendors, service providers and 3rd parties. Powered by attack surface intelligence from SecurityScorecard.

Exploit prediction scoring system (EPSS) score for CVE-2011-0539

EPSS FAQ

1.72%

Probability of exploitation activity in the next 30 days EPSS Score History

~ 81 %

Percentile, the proportion of vulnerabilities that are scored at or less

CVSS scores for CVE-2011-0539

Base Score	Base Severity	CVSS Vector	Exploitability Score	Impact Score	Score Source	First Seen
5.0	MEDIUM	AV:N/AC:L/Au:N/C:P/I:N/A:N	10.0	2.9	NIST
Access Vector: Network Access Complexity: Low Authentication: None Confidentiality Impact: Partial Integrity Impact: None Availability Impact: None

CWE ids for CVE-2011-0539

CWE-264

Assigned by: nvd@nist.gov (Primary)

References for CVE-2011-0539

http://www.securitytracker.com/id?1025028

OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users - SecurityTracker
https://exchange.xforce.ibmcloud.com/vulnerabilities/65163

OpenSSH certificate information disclosure CVE-2011-0539 Vulnerability Report
http://www.securityfocus.com/bid/46155

OpenSSH Legacy Certificate Signing Information Disclosure Vulnerability
http://www.openssh.com/txt/legacy-cert.adv

Patch;Vendor Advisory
http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Juniper Networks - 2015-04 Security Bulletin: IDP: Multiple vulnerabilities addressed by third party software updates.

CVEs referencing this url
http://www.vupen.com/english/advisories/2011/0284

Webmail | OVH- OVH
Vendor Advisory
http://www.openwall.com/lists/oss-security/2011/02/04/2

oss-security - Re: [vendor-sec] OpenSSH security advisory: legacy certificate signing in 5.6/5.7
http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

CVEs referencing this url