Vulnerability Information
Vulnerability Title
N/A
Vulnerability Description
The key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates using the -t command-line option in ssh-keygen, does not initialize the nonce field, which might allow remote attackers to obtain sensitive stack memory contents or make it easier to conduct hash collision attacks.
CVSS Information
N/A
Vulnerability Type
N/A
Vulnerability Title
OpenSSH key_certify Permissions, Privileges, and Access Control Vulnerability
Vulnerability Description
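OpenSSH (OpenBSD Secure Shell) is a suite of connectivity tools maintained by the OpenBSD project for secure access to remote computers. It is an open-source implementation of the SSH protocol that encrypts all traffic, effectively preventing eavesdropping, connection hijacking, and other network-level attacks. In the key_certify function in usr.bin/ssh/key.c in OpenSSH 5.6 and 5.7, when generating legacy certificates (using the -t command-line option in ssh-keygen), a remote attacker can exploit this vulnerability to obtain sensitive stack memory contents or more easily conduct hash collision attacks.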
CVSS Information
N/A
Vulnerability Type
N/A