
Category:   Application (VPN)  >   OpenSSH Vendors:
OpenSSH Legacy Certificates May Disclose Stack Contents to Remote Users
SecurityTracker Alert ID:  1025028
SecurityTracker URL:
CVE Reference:   CVE-2011-0539
Updated:  Feb 14 2011
Original Entry Date:  Feb 7 2011
Impact:   Disclosure of system information
Fix Available:  Yes  Vendor Confirmed:  Yes  
Version(s): 5.6, 5.7
Description:   A vulnerability was reported in OpenSSH. A remote user may be able to obtain stack contents via legacy certificates.

Legacy certificates generated by OpenSSH may contain data from the stack.

Versions 5.6 and 5.7 are affected when generating legacy certificates using the "-t" option on the ssh-keygen CA command-line.

The vendor was notified on January 26, 2011.

Mateusz Kocielski reported this vulnerability.

Impact:   A remote user may be able to obtain stack contents via legacy certificates.
Solution:   The vendor has issued a fix (5.8).

The vendor's advisory is available at:

Vendor URL:
Cause:   Access control error
Underlying OS:   Linux (Any), UNIX (Any), Windows (Any)

Message History:   None.

 Source Message Contents

Date:  Mon, 07 Feb 2011 22:47:18 +0000
Subject:  OpenSSH

OpenSSH Security Advisory: legacy-certs.adv

This document may be found at:

1. Vulnerability

        Legacy certificates generated by OpenSSH might contain data
        from the stack thus leaking confidential information.

2. Affected configurations

        OpenSSH 5.6 and OpenSSH 5.7 only when generating legacy
        certificates. These must be specifically requested using the
        "-t" option on the ssh-keygen CA command-line.

3. Mitigation

        Avoid generating legacy certificates using OpenSSH 5.6 or 5.7

        If legacy certificates have been issued with a vulnerable
        OpenSSH version, consider rotating any CA key used.

4. Details

        When generating legacy * certificates,
        the nonce field was not being correctly filled with random
        data but was left uninitialised, containing the contents of
        the stack.

        The contents of the stack at this point in ssh-keygen's
        execution do not appear to leak the CA private key or other
        sensitive data, but this possibility cannot be excluded on
        all platforms and library versions.

        If certificates are generated using user-specified contents
        (as opposed to the CA specifying all fields) then they will
        be less resistant to hash collision attacks. Fortunately,
        such attacks are not currently considered practical for the
        SHA family of hashes used to sign these certificates.

5. Credit

        This issue was privately reported by Mateusz Kocielski on
        January 26, 2011.

6. Fix

        OpenSSH 5.8 contains a fix for this vulnerability. Users who
        prefer to continue to use OpenSSH 5.6 or 5.7 may apply this

Index: key.c
RCS file: /cvs/src/usr.bin/ssh/key.c,v
retrieving revision 1.95
diff -u -r1.95 key.c
--- key.c	10 Nov 2010 01:33:07 -0000	1.95
+++ key.c	3 Feb 2011 06:52:33 -0000
@@ -1823,8 +1823,8 @@
 	buffer_put_cstring(&k->cert->certblob, key_ssh_name(k));
 	/* -v01 certs put nonce first */
+	arc4random_buf(&nonce, sizeof(nonce));
 	if (!key_cert_is_legacy(k)) {
-		arc4random_buf(&nonce, sizeof(nonce));
 		buffer_put_string(&k->cert->certblob, nonce, sizeof(nonce));
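Review bot: the comment "-v01 certs put nonce first" now sits directly above the unconditional arc4random_buf() call instead of the if (!key_cert_is_legacy(k)) test it describes. Move that comment back down to the if, and put a one-line comment on the arc4random_buf() line saying the nonce is filled for every certificate type. The legacy path that consumes the nonce is outside this hunk, so without that comment a later cleanup could move the call back inside the branch and reintroduce the uninitialised field.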


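For the mitigation step in the advisory above (rotating CA keys if legacy certificates were issued), this added example, which is not code from OpenSSH or SecurityTracker, classifies certificate lines so that legacy ones can be inventoried. It assumes the `-cert-v00@openssh.com` and `-cert-v01@openssh.com` type-name suffixes, which this page does not spell out, and its sample lines are constructed, not real certificates.

```python
import base64
import struct

# Assumption (not stated on this page): OpenSSH names legacy certificate key
# types with the first suffix below and current ones with the second.
LEGACY_SUFFIX = "-cert-v00@openssh.com"
CURRENT_SUFFIX = "-cert-v01@openssh.com"


def embedded_type(blob_b64):
    """Return the key-type string stored at the start of the decoded blob."""
    blob = base64.b64decode(blob_b64, validate=True)
    if len(blob) < 4:
        raise ValueError("blob too short for a length prefix")
    (length,) = struct.unpack(">I", blob[:4])
    if length > len(blob) - 4:
        raise ValueError("type string runs past end of blob")
    return blob[4:4 + length].decode("ascii")


def classify_line(line):
    """Classify one 'type base64 [comment]' line from a *-cert.pub file."""
    fields = line.split()
    if len(fields) < 2:
        return "unparsed"
    declared = fields[0]
    try:
        if embedded_type(fields[1]) != declared:
            return "mismatch"      # text label and blob disagree
    except ValueError:             # bad base64, bad length, non-ASCII type
        return "unparsed"
    if declared.endswith(LEGACY_SUFFIX):
        return "legacy"            # candidate for the CA-rotation review
    if declared.endswith(CURRENT_SUFFIX):
        return "current"
    return "not-a-certificate"


def sample_line(type_name, body=b"\x00" * 8):
    """Constructed sample line: a type string plus filler, not a real cert."""
    raw = struct.pack(">I", len(type_name)) + type_name.encode() + body
    return "%s %s constructed@example" % (type_name, base64.b64encode(raw).decode())


if __name__ == "__main__":
    for name in ("ssh-rsa-cert-v00@openssh.com", "ssh-rsa-cert-v01@openssh.com"):
        print(name, "->", classify_line(sample_line(name)))
```

A certificate does not record which OpenSSH version issued it, so a "legacy" result marks a candidate to check against the CA's issuing history, not a confirmed affected certificate.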