CVE-2011-0539

Name	CVE-2011-0539
Description	The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Source	CVE (at NVD; CERT, LWN, oss-sec, fulldisc, Red Hat, Ubuntu, Gentoo, SUSE bugzilla/CVE, GitHub advisories/code/issues, web search, more)

Vulnerable and fixed packages

The table below lists information on source packages.

Source Package	Release	Version	Status
openssh (PTS)	buster	1:7.9p1-10+deb10u2	fixed
	buster (security)	1:7.9p1-10+deb10u4	fixed
	bullseye (security), bullseye	1:8.4p1-5+deb11u3	fixed
	bookworm, bookworm (security)	1:9.2p1-2+deb12u2	fixed
	trixie	1:9.6p1-4	fixed
	sid	1:9.7p1-4	fixed

The information below is based on the following data on fixed versions.

Package	Type	Release	Fixed Version
openssh	source	lenny	(not affected)
openssh	source	squeeze	(not affected)
openssh	source	(unstable)	1:5.8p1-2

[squeeze] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)
[lenny] - openssh <not-affected> (Only affects OpenSSH 5.6 and 5.7)