CVE-2007-6755

Priority
Low
Description
The NIST SP 800-90A default statement of the Dual Elliptic Curve
Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point
Q constants with a possible relationship to certain "skeleton key" values,
which might allow context-dependent attackers to defeat cryptographic
protection mechanisms by leveraging knowledge of those values. NOTE: this
is a preliminary CVE for Dual_EC_DRBG; future research may provide
additional details about point Q and associated attacks, and could
potentially lead to a RECAST or REJECT of this CVE.
References
Notes
 sarnold> Dual_EC_DRBG has been under suspicion long enough that I suspect
  none of our libraries use it by default, though some may make it available
  for legacy compatability. It might be worthwhile to remove it entirely, so
  that unsafe mechanisms aren't available to provide a false sense of safety.
 mdeslaur> openssl only seems to have Dual_EC_DRBG in the fips module, not
 mdeslaur> in the regular source.
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 16.10 (Yakkety Yak):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:not-affected
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:not-affected
Ubuntu Core 15.04:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 16.10 (Yakkety Yak):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:not-affected
Ubuntu Core 15.04:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 16.10 (Yakkety Yak):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Patches:
Upstream:http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a4870de5aaef562c0947494b410a2387f3a6d04d (1.0.1)
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was needs-triage)
Ubuntu 14.04 LTS (Trusty Tahr):needs-triage
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):needs-triage
Ubuntu 12.04 ESM (Precise Pangolin):DNE
Ubuntu 14.04 LTS (Trusty Tahr):DNE
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):needs-triage
Ubuntu 16.10 (Yakkety Yak):needs-triage
Ubuntu 17.04 (Zesty Zapus):needs-triage
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):DNE
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:DNE
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):DNE
Ubuntu 16.10 (Yakkety Yak):DNE
Ubuntu 17.04 (Zesty Zapus):DNE
Package
Source: nss (LP Ubuntu Debian)
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):not-affected
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:not-affected
Ubuntu Core 15.04:DNE
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 16.10 (Yakkety Yak):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
Package
Upstream:needs-triage
Ubuntu 17.10 (Artful Aardvark):not-affected
Ubuntu 12.04 ESM (Precise Pangolin):DNE (precise was not-affected)
Ubuntu 14.04 LTS (Trusty Tahr):not-affected
Ubuntu Touch 15.04:not-affected
Ubuntu Core 15.04:not-affected
Ubuntu 16.04 LTS (Xenial Xerus):not-affected
Ubuntu 16.10 (Yakkety Yak):not-affected
Ubuntu 17.04 (Zesty Zapus):not-affected
More Information

Updated: 2017-05-10 22:14:14 UTC (commit 12521)