CVE-2011-0539
Description
OpenSSH 5.6 and 5.7 leave the nonce field uninitialized in legacy certificates, leaking stack memory and reducing hash collision resistance.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Vulnerability
The key_certify function in usr.bin/ssh/key.c of OpenSSH 5.6 and 5.7 does not initialize the nonce field when generating legacy certificates (*-cert-v00@openssh.com) using the -t command-line option in ssh-keygen. This leaves the nonce uninitialized, containing whatever data was on the stack at that point [2].
Exploitation
An attacker must have access to a legacy certificate generated by a vulnerable OpenSSH version (5.6 or 5.7) with the -t option. The attacker can then analyze the certificate's nonce field to extract stack memory contents. Additionally, because the nonce is not random, the certificate becomes less resistant to hash collision attacks, though such attacks are not currently practical for SHA-family hashes [2].
Impact
Successful exploitation could leak sensitive stack memory contents, potentially including confidential information. The advisory notes that the stack contents at that point do not appear to leak the CA private key, but this cannot be excluded on all platforms. Furthermore, the reduced entropy in the nonce weakens resistance to hash collision attacks, which could facilitate certificate forgery in the future [2].
Mitigation
The vulnerability is fixed in OpenSSH 5.8, released on February 3, 2011 [2]. Users should upgrade to OpenSSH 5.8 or later. As a workaround, avoid generating legacy certificates using OpenSSH 5.6 or 5.7. If legacy certificates have been issued with a vulnerable version, consider rotating any CA key used [2].
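An added example (not from the advisory or from OpenSSH) to support the rotation step above: it picks out legacy `*-cert-v00@openssh.com` certificate lines and extracts the nonce field for review. The field layout is an assumption based on OpenSSH's PROTOCOL.certkeys description of v00 certificates; `legacy_nonce` and `constructed_cert` are hypothetical names, and the sample certificate is constructed.

```python
import base64
import struct

# Assumed v00 layout (per OpenSSH PROTOCOL.certkeys): key type, public-key
# mpints, uint32 type, key id, principals, two uint64 validity bounds,
# constraints, nonce, reserved, signature key, signature.
PUBKEY_FIELDS = {"ssh-rsa-cert-v00@openssh.com": 2,   # e, n
                 "ssh-dss-cert-v00@openssh.com": 4}   # p, q, g, y

def _read(buf, off):
    """Read one length-prefixed SSH string; return (value, next offset)."""
    if off + 4 > len(buf):
        raise ValueError("truncated length")
    end = off + 4 + struct.unpack_from(">I", buf, off)[0]
    if end > len(buf):
        raise ValueError("truncated field")
    return buf[off + 4:end], end

def legacy_nonce(line):
    """Return (key_type, nonce) for a v00 certificate line, else None."""
    parts = line.split()
    if len(parts) < 2 or parts[0] not in PUBKEY_FIELDS:
        return None
    blob = base64.b64decode(parts[1], validate=True)
    ktype, off = _read(blob, 0)
    if ktype.decode("ascii", "replace") != parts[0]:
        raise ValueError("key type mismatch between line and blob")
    for _ in range(PUBKEY_FIELDS[parts[0]]):
        _, off = _read(blob, off)
    off += 4                      # uint32 certificate type
    for _ in range(2):            # key id, valid principals
        _, off = _read(blob, off)
    off += 16                     # valid after, valid before
    _, off = _read(blob, off)     # constraints
    nonce, _ = _read(blob, off)
    return parts[0], nonce

def _s(b):
    return struct.pack(">I", len(b)) + b

def constructed_cert(nonce):
    """Constructed sample line (placeholder key and signature), not a real cert."""
    t = b"ssh-rsa-cert-v00@openssh.com"
    blob = (_s(t) + _s(b"\x01\x00\x01") + _s(b"\x00" + b"\xc3" * 8)
            + struct.pack(">I", 1) + _s(b"demo-id") + _s(_s(b"alice"))
            + struct.pack(">QQ", 0, 2**64 - 1) + _s(b"") + _s(nonce) + _s(b"")
            + _s(b"constructed-ca-key") + _s(b"constructed-signature"))
    return t.decode() + " " + base64.b64encode(blob).decode() + " demo"

if __name__ == "__main__":
    for line in (constructed_cert(bytes(32)), "ssh-rsa AAAAB3NzaC1yc2E= plain"):
        print(legacy_nonce(line))
```

The nonce bytes alone do not show which OpenSSH version issued a certificate, so treat every v00 certificate signed while the CA host ran 5.6 or 5.7 as affected.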
AI Insight generated on May 29, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
- Range: 5.6 through 5.7
References
- www.openssh.com/txt/legacy-cert.adv (nvd; Patch, Vendor Advisory)
- secunia.com/advisories/43181 (nvd; Vendor Advisory)
- www.vupen.com/english/advisories/2011/0284 (nvd; Vendor Advisory)
- h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp (nvd)
- kb.juniper.net/InfoCenter/index (nvd)
- secunia.com/advisories/44269 (nvd)
- www.openwall.com/lists/oss-security/2011/02/04/2 (nvd)
- www.securityfocus.com/bid/46155 (nvd)
- www.securitytracker.com/id (nvd)
- exchange.xforce.ibmcloud.com/vulnerabilities/65163 (nvd)