Vulmon Recent Vulnerabilities Research Posts Trends Blog About Contact
5.8
CVSSv2

CVE-2007-6755

Published: 11/10/2013 Updated: 01/11/2022
CVSS v2 Base Score: 5.8 | Impact Score: 4.9 | Exploitability Score: 8.6
VMScore: 517
Vector: AV:N/AC:M/Au:N/C:P/I:P/A:N
Subscribe to Dell

Vulnerability Summary

The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent malicious users to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.

Vulnerability Trend

Vulnerable Product Search on Vulmon Subscribe to Product

dell bsafe crypto-c-micro-edition

dell bsafe crypto-j 5.0.1

dell bsafe crypto-j 5.0

Vendor Advisories

Red Hat: CVE-2007-6755
The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values ...

Github Repositories

https://github.com/gatecheckdev/gatecheck

Gatecheck CI/CD Validation Tool

Gatecheck Gatecheck automates report validation in a CI/CD Pipeline by comparing security findings to a pre-determined thresholds It also provides report aggregation, artifact integrity, and deployment validation Gatecheck is stateless so self-hosting and provisioning servers is not required Upcoming Features The CLI is currently going through a much needed refactor Onc

https://github.com/joelckwong/anchore

anchore dockerio/library/debian:7 docker-compose exec api anchore-cli --u admin --p foobar image get dockerio/library/debian:7 | grep 'Analysis Status' Analysis Status: analyzing docker-compose exec api anchore-cli --u admin --p foobar image get dockerio/library/debian:7 | grep 'Analysis Status' Analysis Status: analyzing docker-compose exec api anchore-c

https://github.com/valancej/anchore-five-minutes

Docker Image Security in 5 minutes or less Introduction As the move to containers continues to take the industry by storm, container security has taken center stage as one of the hottest topics in 2019 and many organizations are scrambling to ensure they are equipped with the appropriate tools to enforce container security and compliance One important means of strengthening yo

References

CWE-327http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.htmlhttps://www.schneier.com/blog/archives/2007/11/the_strange_sto.htmlhttp://rump2007.cr.yp.to/15-shumow.pdfhttp://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.htmlhttp://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspecthttp://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/http://www.securityfocus.com/bid/63657https://nvd.nist.govhttps://github.com/gatecheckdev/gatecheckhttps://access.redhat.com/security/cve/cve-2007-6755https://www.kb.cert.org/vuls/id/274923
CVSSv2
CVSSv2
CVSSv3
VMScore
Recommendations:
CVE-2022-48693CVE-2024-30851CVE-2024-34460CVE-2024-2887localCVE-2024-27956remote code executionCVE-2024-34475privilege
Vulnerability Notification Service
You don’t have to wait for vulnerability scanning results
Get Started

Vulmon Search

Vulmon Search is a vulnerability search engine. It gives comprehensive vulnerability information through a very simple user interface.

About

Home Recent Vulnerabilities Research Posts Trends Blog About Contact

Products

Vulmon Search Vulmon Research Vulmon Alerts Vulmap

Connect

Twitter Reddit Linkedin Facebook