Bug 1046045 (CVE-2007-6755)

Summary: CVE-2007-6755 Dual_EC_DRBG: weak pseudo random number generator
Product: [Other] Security Response
Reporter: Ratul Gupta <ratulg>
Component: vulnerability
Assignee: Red Hat Product Security <security-response-team>
Status: CLOSED NOTABUG
Severity: medium
Priority: medium
Version: unspecified
CC: emaldona, jkurik, tmraz
Keywords: Security
Hardware: All
OS: Linux
Doc Type: Bug Fix
Last Closed: 2014-01-02 21:21:26 UTC
Bug Blocks: 1046046

Description Ratul Gupta 2013-12-23 11:20:59 UTC
Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6755 to the following vulnerability:

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.


Comment 2 Tomas Hoger 2014-01-02 21:21:26 UTC
Cryptography libraries shipped as part of Red Hat products did not include support for Elliptic Curve Cryptography, which is used by the Dual EC DRBG, until recently.  Red Hat Enterprise Linux 6.5 added support for ECC to the openssl and nss packages, limiting support to Suite B curves and their use in TLS.  Dual EC DRBG is not implemented in either of those packages.

OpenSSL upstream recently issued an announcement describing how the library uses Dual EC DRBG:

This PRNG algorithm was only implemented for the OpenSSL version that went through FIPS validation; it was never part of the standard non-FIPS upstream OpenSSL version.  Additionally, the OpenSSL implementation contained a bug that prevented it from working in non-test use cases.  Due to that, upstream believes that this implementation wasn't used in practice.  Rather than fixing the implementation bug, Dual EC DRBG was removed from OpenSSL and will not be included in future OpenSSL FIPS module versions:

The openssl packages shipped with Red Hat Enterprise Linux did not include a Dual EC DRBG implementation, not even in versions that were FIPS validated.

Not vulnerable. This issue did not affect cryptography library packages as shipped with Red Hat products, as they do not implement the Dual EC DRBG algorithm.