製品・ソフトウェアに関する情報

JVN脆弱性詳細

OpenSSH の key_certify 関数におけるスタックメモリ領域の重要なコンテンツ情報を取得される脆弱性

Title	OpenSSH の key_certify 関数におけるスタックメモリ領域の重要なコンテンツ情報を取得される脆弱性
Summary	OpenSSH の usr.bin/ssh/key.c 内にある ssh-keygen の key_certify 関数は、-t command-line option の使用を伴う古い形式の証明書を生成する際、nonce フィールドの初期化を行わないため、スタックメモリ領域の重要なコンテンツ情報を取得される、またはハッシュ衝突攻撃を誘導される脆弱性が存在します。
Possible impacts	第三者により、スタックメモリ領域の重要なコンテンツ情報を取得される、またはハッシュ衝突攻撃を誘導される可能性があります。
Solution	ベンダ情報及び参考情報を参照して適切な対策を実施してください。
Publication Date	Feb. 10, 2011, midnight
Registration Date	March 17, 2011, 4:24 p.m.
Last Update	March 17, 2011, 4:24 p.m.

Affected System

OpenBSD

OpenSSH 5.6

OpenSSH 5.7

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2011-0539	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2011-0539
National Vulnerability Database (NVD)
2	CVE-2011-0539	http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2011-0539

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-264	https://jvndb.jvn.jp/ja/cwe/CWE-264.html

ベンダー情報

No	Name	URL
OpenSSH
1	legacy-cert.adv	http://www.openssh.com/txt/legacy-cert.adv
2	Top Page	http://www.openssh.com/

その他

No	Name	URL
ISS X-Force Database
1	65163	http://xforce.iss.net/xforce/xfdb/65163
Secunia Advisory
2	SA43181	http://secunia.com/advisories/43181
SecurityFocus
3	46155	http://www.securityfocus.com/bid/46155
SecurityTracker
4	1025028	http://www.securitytracker.com/id?1025028
VUPEN Security
5	VUPEN/ADV-2011-0284	http://www.vupen.com/english/advisories/2011/0284

Change Log

No	Changed Details	Date of change
0	[2011年03月17日] 掲載	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2011-0539

Summary	The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
Publication Date	Feb. 11, 2011, 3 a.m.
Registration Date	Jan. 28, 2021, 4:37 p.m.
Last Update	Nov. 21, 2024, 10:24 a.m.

Affected software configurations

Related information, measures and tools

No	URL	タグ
1	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
2	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
3	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
4	http://secunia.com/advisories/43181	Vendor Advisory
5	http://secunia.com/advisories/44269
6	http://www.openssh.com/txt/legacy-cert.adv	Patch Vendor Advisory
7	http://www.openwall.com/lists/oss-security/2011/02/04/2
8	http://www.securityfocus.com/bid/46155
9	http://www.securitytracker.com/id?1025028
10	http://www.vupen.com/english/advisories/2011/0284	Vendor Advisory
11	https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
12	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777
13	https://exchange.xforce.ibmcloud.com/vulnerabilities/65163
14	http://www.vupen.com/english/advisories/2011/0284	Vendor Advisory
15	http://www.securitytracker.com/id?1025028
16	http://www.securityfocus.com/bid/46155
17	http://www.openwall.com/lists/oss-security/2011/02/04/2
18	http://www.openssh.com/txt/legacy-cert.adv	Patch Vendor Advisory
19	http://secunia.com/advisories/44269
20	http://secunia.com/advisories/43181	Vendor Advisory
21	http://kb.juniper.net/InfoCenter/index?page=content&id=JSA10673
22	http://h20000.www2.hp.com/bizsupport/TechSupport/Document.jsp?objectID=c02794777

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-264	認可・権限・アクセス制御	https://cwe.mitre.org/data/definitions/264.html