Revision Date: | 2013-10-11 | Version: | 1 | Title: | CVE-2007-6755 on Ubuntu 14.04 LTS (trusty) - low. | Description: | The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
| Family: | unix | Class: | vulnerability | Status: | | Reference(s): | CVE-2007-6755
| Platform(s): | Ubuntu 14.04 LTS
| Product(s): | | Definition Synopsis | Ubuntu 14.04 LTS (trusty) is installed. AND Package Information
NOT While related to the CVE in some way, the 'bouncycastle' package in trusty is not affected (note: 'code not present').
OR NOT While related to the CVE in some way, the 'gnutls26' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'gnutls28' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'libgcrypt11' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'nss' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'openssl' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'openssl098' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'polarssl' package in trusty is not affected.
OR NOT While related to the CVE in some way, the 'python-crypto' package in trusty is not affected.
|
|