Common Vulnerabilities and Exposures assigned an identifier CVE-2007-6755 to the following vulnerability:
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Cryptography libraries shipped as part of Red Hat products did not include support for Elliptic Curve Cryptography, which is used by the Dual EC DRBG, until recently. Red Hat Enterprise Linux 6.5 add support of ECC into openssl and nss packages, limiting support to Suite B curves and their use in TLS. Dual EC DRBG is not implemented in either of those packages.
OpenSSL upstream recently issued an announcement describing how the library uses Dual EC DRBG:
This PRNG algorithm was only implemented for OpenSSL version that went through the FIPS validation, it never was part of the standard non-FIPS upstream OpenSSL version. Additionally, OpenSSL implementation contained a bug that preventing it from working in non-test use cases. Due to that, upstream believes that this implementation wasn't used in practice. Rather than fixing implementation bug, Dual EC DRBG was removed from OpenSSL and will not be included in the future OpenSSL FIPS module versions:
The openssl packages shipped with Red Hat Enterprise Linux did not include Dual EC DRBG implementation, not even in versions that were FIPS validated.
Not vulnerable. This issue did not affect cryptography library packages as shipped with Red Hat products, as they do not implement Dual EC DRBG algorithm.