CVE-2007-5502
Summary
| CVE | CVE-2007-5502 |
|---|
| State | PUBLIC |
|---|
| Assigner | [email protected] |
|---|
| Source Priority | CVE Program / NVD first with legacy fallback |
|---|
| Published | 2007-12-01 06:46:00 UTC |
|---|
| Updated | 2017-07-29 01:33:00 UTC |
|---|
| Description | The PRNG implementation for the OpenSSL FIPS Object Module 1.1.1 does not perform auto-seeding during the FIPS self-test, which generates random data that is more predictable than expected and makes it easier for attackers to bypass protection mechanisms that rely on the randomness. |
|---|
NVD Known Affected Configurations (CPE 2.3)
References
| Reference | Source | Link | Tags |
|---|
| Webmail : Solution de messagerie professionnelle - OVHcloud- OVH |
VUPEN |
www.vupen.com |
|
| OpenSSL FIPS Object Module PRNG Seed Vulnerability |
BID |
www.securityfocus.com |
Patch |
| US-CERT Vulnerability Note VU#150249 |
CERT-VN |
www.kb.cert.org |
US Government Resource |
| OpenSSL FIPS Object Module PRNG Security Issue - Advisories - Secunia |
SECUNIA |
secunia.com |
Patch, Vendor Advisory |
| www.openssl.org/news/secadv_20071129.txt |
CONFIRM |
www.openssl.org |
|
| IBM X-Force Exchange |
XF |
exchange.xforce.ibmcloud.com |
|
| SecurityTracker.com Archives - OpenSSL FIPS Object Module Self-Test Error Causes the System to Generate More Predictable Pseudo Random Data |
SECTRACK |
www.securitytracker.com |
|
| CVE Program record |
CVE.ORG |
www.cve.org |
canonical |
| NVD vulnerability detail |
NVD |
nvd.nist.gov |
canonical, analysis |
Vendor Comments And Credit
| Organization | Published | Contributor | Statement |
|---|
| Red Hat | 2007-12-03 | Mark J Cox | Not vulnerable. This vulnerability only affected the OpenSSL FIPS Object Module which is not enabled or used by OpenSSL in Red Hat Enterprise Linux 2.1, 3, 4, or 5. |
There are currently no legacy QID mappings associated with this CVE.
