Vulnerabilities

CVE-2011-0539

by Fred · 10/02/2011

The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.

Date published : 2011-02-10

http://www.securityfocus.com/bid/46155

http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673

Similar

Tags: Cybersecurity Alert