PT-2011-2432 · Openssh+1 · Openssh+1

Mateusz Kocielski

Published

2011-02-10

Updated

2026-05-29

CVE-2011-0539

CVSS v3.1

7.5

High

Vector

AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Name of the Vulnerable Software and Affected Versions OpenSSH versions 5.6 through 5.7

Description The issue is related to the key certify function in OpenSSH, specifically when generating legacy certificates using the -t command-line option in ssh-keygen. This function does not initialize the nonce field, which could allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.

Recommendations For OpenSSH versions 5.6 through 5.7, consider disabling the use of the -t command-line option in ssh-keygen until a patch is available. As a temporary workaround, restrict access to the key certify function to minimize the risk of exploitation. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-457CWE-264

Related Identifiers

ALT-PU-2024-3921

ALT-PU-2024-4077

ALT-PU-2024-4467

ALT-PU-2024-9513

CVE-2011-0539

Affected Products

Alt Linux

Openssh

PT-2011-2432 · Openssh+1 · Openssh+1

CVE-2011-0539

Weakness Enumeration

Related Identifiers

Affected Products

References · 15