1
Candidate: CVE-2007-6755
4
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755
5
https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html
6
http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect
7
http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/
8
http://rump2007.cr.yp.to/15-shumow.pdf
9
http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html
10
http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html
11
http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/
13
The NIST SP 800-90A default statement of the Dual Elliptic Curve
14
Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point
15
Q constants with a possible relationship to certain "skeleton key" values,
16
which might allow context-dependent attackers to defeat cryptographic
17
protection mechanisms by leveraging knowledge of those values. NOTE: this
18
is a preliminary CVE for Dual_EC_DRBG; future research may provide
19
additional details about point Q and associated attacks, and could
20
potentially lead to a RECAST or REJECT of this CVE.
23
sarnold> Dual_EC_DRBG has been under suspicion long enough that I suspect
24
none of our libraries use it by default, though some may make it available
25
for legacy compatability. It might be worthwhile to remove it entirely, so
26
that unsafe mechanisms aren't available to provide a false sense of safety.
27
mdeslaur> openssl only seems to have Dual_EC_DRBG in the fips module, not
28
mdeslaur> in the regular source.
35
upstream: http://git.openssl.org/gitweb/?p=openssl.git;a=commit;h=a4870de5aaef562c0947494b410a2387f3a6d04d (1.0.1)
36
upstream_openssl: needs-triage
37
lucid_openssl: not-affected
38
precise_openssl: not-affected
39
precise/esm_openssl: not-affected
40
quantal_openssl: not-affected
41
raring_openssl: not-affected
42
saucy_openssl: not-affected
43
trusty_openssl: not-affected
44
utopic_openssl: not-affected
45
vivid_openssl: not-affected
46
vivid/stable-phone-overlay_openssl: not-affected
47
vivid/ubuntu-core_openssl: not-affected
48
wily_openssl: not-affected
49
xenial_openssl: not-affected
50
yakkety_openssl: not-affected
51
zesty_openssl: not-affected
52
artful_openssl: not-affected
53
bionic_openssl: not-affected
54
devel_openssl: not-affected
57
upstream_openssl098: needs-triage
59
precise_openssl098: not-affected
60
precise/esm_openssl098: DNE (precise was not-affected)
61
quantal_openssl098: not-affected
62
raring_openssl098: not-affected
63
saucy_openssl098: not-affected
64
trusty_openssl098: not-affected
65
utopic_openssl098: not-affected
66
vivid_openssl098: not-affected
67
vivid/stable-phone-overlay_openssl098: DNE
68
vivid/ubuntu-core_openssl098: DNE
70
xenial_openssl098: DNE
71
yakkety_openssl098: DNE
73
artful_openssl098: DNE
74
bionic_openssl098: DNE
78
upstream_polarssl: needs-triage
79
lucid_polarssl: ignored (reached end-of-life)
80
precise_polarssl: ignored (reached end-of-life)
81
precise/esm_polarssl: DNE (precise was needs-triage)
82
quantal_polarssl: ignored (reached end-of-life)
83
raring_polarssl: ignored (reached end-of-life)
84
saucy_polarssl: ignored (reached end-of-life)
85
trusty_polarssl: needs-triage
86
utopic_polarssl: ignored (reached end-of-life)
87
vivid_polarssl: ignored (reached end-of-life)
88
vivid/stable-phone-overlay_polarssl: DNE
89
vivid/ubuntu-core_polarssl: DNE
90
wily_polarssl: ignored (reached end-of-life)
99
upstream_mbedtls: needs-triage
101
precise/esm_mbedtls: DNE
103
vivid_mbedtls: ignored (reached end-of-life)
104
vivid/stable-phone-overlay_mbedtls: DNE
105
vivid/ubuntu-core_mbedtls: DNE
107
xenial_mbedtls: needs-triage
108
yakkety_mbedtls: ignored (reached end-of-life)
109
zesty_mbedtls: ignored (reached end-of-life)
110
artful_mbedtls: needs-triage
111
bionic_mbedtls: needs-triage
112
devel_mbedtls: needs-triage
115
upstream_nss: needs-triage
116
lucid_nss: not-affected
117
precise_nss: not-affected
118
precise/esm_nss: not-affected
119
quantal_nss: not-affected
120
raring_nss: not-affected
121
saucy_nss: not-affected
122
trusty_nss: not-affected
123
utopic_nss: not-affected
124
vivid_nss: not-affected
125
vivid/stable-phone-overlay_nss: not-affected
126
vivid/ubuntu-core_nss: DNE
127
wily_nss: not-affected
128
xenial_nss: not-affected
129
yakkety_nss: not-affected
130
zesty_nss: not-affected
131
artful_nss: not-affected
132
bionic_nss: not-affected
133
devel_nss: not-affected
136
upstream_gnutls28: needs-triage
138
precise_gnutls28: not-affected
139
precise/esm_gnutls28: DNE (precise was not-affected)
140
quantal_gnutls28: not-affected
141
raring_gnutls28: not-affected
142
saucy_gnutls28: not-affected
143
trusty_gnutls28: not-affected
144
utopic_gnutls28: not-affected
145
vivid_gnutls28: not-affected
146
vivid/stable-phone-overlay_gnutls28: not-affected
147
vivid/ubuntu-core_gnutls28: not-affected
148
wily_gnutls28: not-affected
149
xenial_gnutls28: not-affected
150
yakkety_gnutls28: not-affected
151
zesty_gnutls28: not-affected
152
artful_gnutls28: not-affected
153
bionic_gnutls28: not-affected
154
devel_gnutls28: not-affected
157
upstream_gnutls26: needs-triage
158
lucid_gnutls26: not-affected
159
precise_gnutls26: not-affected
160
precise/esm_gnutls26: not-affected
161
quantal_gnutls26: not-affected
162
raring_gnutls26: not-affected
163
saucy_gnutls26: not-affected
164
trusty_gnutls26: not-affected
165
utopic_gnutls26: not-affected
167
vivid/stable-phone-overlay_gnutls26: DNE
168
vivid/ubuntu-core_gnutls26: DNE
171
yakkety_gnutls26: DNE
178
upstream_libgcrypt11: needs-triage
179
lucid_libgcrypt11: not-affected
180
precise_libgcrypt11: not-affected
181
precise/esm_libgcrypt11: not-affected
182
quantal_libgcrypt11: ignored (reached end-of-life)
183
raring_libgcrypt11: ignored (reached end-of-life)
184
saucy_libgcrypt11: ignored (reached end-of-life)
185
trusty_libgcrypt11: not-affected
186
utopic_libgcrypt11: not-affected
187
vivid_libgcrypt11: DNE
188
vivid/stable-phone-overlay_libgcrypt11: DNE
189
vivid/ubuntu-core_libgcrypt11: DNE
190
wily_libgcrypt11: DNE
191
xenial_libgcrypt11: DNE
192
yakkety_libgcrypt11: DNE
193
zesty_libgcrypt11: DNE
194
artful_libgcrypt11: DNE
195
bionic_libgcrypt11: DNE
196
devel_libgcrypt11: DNE
198
Patches_bouncycastle:
199
upstream_bouncycastle: needs-triage
200
lucid_bouncycastle: ignored (reached end-of-life)
201
precise_bouncycastle: ignored (reached end-of-life)
202
precise/esm_bouncycastle: DNE (precise was needs-triage)
203
quantal_bouncycastle: ignored (reached end-of-life)
204
raring_bouncycastle: ignored (reached end-of-life)
205
saucy_bouncycastle: ignored (reached end-of-life)
206
trusty_bouncycastle: not-affected (code not present)
207
utopic_bouncycastle: ignored (reached end-of-life)
208
vivid_bouncycastle: ignored (reached end-of-life)
209
vivid/stable-phone-overlay_bouncycastle: DNE
210
vivid/ubuntu-core_bouncycastle: DNE
211
wily_bouncycastle: ignored (reached end-of-life)
212
xenial_bouncycastle: not-affected (code not present)
213
yakkety_bouncycastle: ignored (reached end-of-life)
214
zesty_bouncycastle: not-affected (code not present)
215
artful_bouncycastle: not-affected (code not present)
216
bionic_bouncycastle: not-affected (code not present)
217
devel_bouncycastle: not-affected (code not present)
219
Patches_python-crypto:
220
upstream_python-crypto: not-affected
221
lucid_python-crypto: ignored (reached end-of-life)
222
precise_python-crypto: not-affected
223
precise/esm_python-crypto: not-affected
224
quantal_python-crypto: ignored (reached end-of-life)
225
raring_python-crypto: ignored (reached end-of-life)
226
saucy_python-crypto: ignored (reached end-of-life)
227
trusty_python-crypto: not-affected
228
utopic_python-crypto: ignored (reached end-of-life)
229
vivid_python-crypto: ignored (reached end-of-life)
230
vivid/stable-phone-overlay_python-crypto: not-affected
231
vivid/ubuntu-core_python-crypto: not-affected
232
wily_python-crypto: ignored (reached end-of-life)
233
xenial_python-crypto: not-affected
234
yakkety_python-crypto: not-affected
235
zesty_python-crypto: not-affected
236
artful_python-crypto: not-affected
237
bionic_python-crypto: not-affected
238
devel_python-crypto: not-affected