製品・ソフトウェアに関する情報

JVN脆弱性詳細

信頼できないパラメータを使用して生成した Dual_EC_DRBG の出力結果が推測可能な問題

Title	信頼できないパラメータを使用して生成した Dual_EC_DRBG の出力結果が推測可能な問題
Summary	Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) には、楕円曲線を計算するためのパラメータの信頼性に関する問題が指摘されています。 Dual Elliptic Curve Deterministic Random Bit Generator (Dual_EC_DRBG) は、NIST Special Publication 800-90A で規定されています。以前から、Dual_EC_DRBG の信頼性について研究者らから疑問を投げかけられており、NIST はこの問題についてのコメントを求めています。 NIST は、ITL Security Bulletins で次のように述べています。 ITL Security Bulletins http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf 　　Concern has been expressed about one of the DRBG algorithms in SP 800-90/90A and ANS X9.82: the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm. This algorithm includes default elliptic curve points for three elliptic curves, the provenance of which were not described. Security researchers have highlighted the importance of generating these elliptic curve points in a trustworthy way. This issue was identified during the development process, and the concern was initially addressed by including specifications for generating different points than the default values that were provided. However, recent community commentary has called into question the trustworthiness of these default elliptic curve points. この問題は、次の CWE に分類されます。　* CWE-327: Use of a Broken or Risky Cryptographic Algorithm 　　http://cwe.mitre.org/data/definitions/327.html
Possible impacts	Dual_EC_DRBG の出力を使用した共通鍵 (secret key material) などを推測される可能性があります。
Solution	[Dual_EC_DRBG を使用しない] NIST は、対策が出るまでの間、Dual_EC_DRBG の使用停止を強く推奨しています。 [独自の楕円曲線を使用する] 詳しくは NIST Special Publication 800-90A の Appendix A の A.2 節をご確認ください。 NIST Special Publication 800-90A http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf [鍵を再生成する] Dual_EC_DRBG の出力を使用した鍵 (secret key material) などがある場合は、他の安全なアルゴリズムで生成し直してください。
Publication Date	Nov. 7, 2013, midnight
Registration Date	Nov. 11, 2013, 12:34 p.m.
Last Update	July 1, 2015, 5:17 p.m.

CVSS2.0 : 警告
Score	5.8
Vector	AV:N/AC:M/Au:N/C:P/I:P/A:N

Affected System

日立

Cosminexus Developer's Kit for Java(TM)

Cosminexus HTTP Server

Hitachi Web Server

uCosminexus Application Server

uCosminexus Application Server (64)

uCosminexus Application Server -R

uCosminexus Application Server Express

uCosminexus Application Server Standard-R

uCosminexus Application Server Enterprise

uCosminexus Application Server Smart Edition

uCosminexus Application Server Standard

uCosminexus Client

uCosminexus Developer

uCosminexus Developer 01

uCosminexus Developer Professional

uCosminexus Developer Professional for Plug-in

uCosminexus Developer Light

uCosminexus Developer Standard

uCosminexus Operator for Service Platform

uCosminexus Primary Server Base

uCosminexus Primary Server Base(64)

uCosminexus Service Architect

uCosminexus Service Platform

uCosminexus Service Platform (64)

uCosminexus Service Platform - Messaging

（複数のベンダ）

（複数の製品）

CVE (情報セキュリティ共通脆弱性識別子)

No	Name	URL
Common Vulnerabilities and Exposures (CVE)
1	CVE-2007-6755	http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-6755
National Vulnerability Database (NVD)
2	CVE-2007-6755	http://web.nvd.nist.gov/view/vuln/detail?vulnId=http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2007-6755

CWE (共通脆弱性タイプ一覧)

No	Name	URL
JVNDB
1	CWE-310	https://jvndb.jvn.jp/ja/cwe/CWE-310.html
2	CWE-Other	https://www.ipa.go.jp/security/vuln/CWE.html#CWEOther

ベンダー情報

No	Name	URL
Hitachi Software Vulnerability Information
1	HS14-002	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-002/index.html
2	HS14-003	http://www.hitachi.co.jp/Prod/comp/soft1/global/security/info/vuls/HS14-003/index.html
ソフトウェア製品セキュリティ情報
3	HS14-002	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-002/index.html
4	HS14-003	http://www.hitachi.co.jp/Prod/comp/soft1/security/info/vuls/HS14-003/index.html

その他

No	Name	URL
JVN
1	JVNVU#92615138	http://jvn.jp/cert/JVNVU92615138/index.html
US-CERT Vulnerability Note
2	VU#274923	http://www.kb.cert.org/vuls/id/274923
関連文書
3	Conjectured Security of the ANSI-NIST Elliptic Curve RNG	http://eprint.iacr.org/2006/117.pdf
4	NIST Special Publication 800-90A	http://csrc.nist.gov/publications/nistpubs/800-90A/SP800-90A.pdf
5	On the Possibility of a Back Door in the NIST SP800-90 Dual Ec Prng	http://rump2007.cr.yp.to/15-shumow.pdf
6	SUPPLEMENTAL ITL BULLETIN FOR SEPTEMBER 2013	http://csrc.nist.gov/publications/nistbul/itlbul2013_09_supplemental.pdf

Change Log

No	Changed Details	Date of change
0	[2013年11月11日] 掲載 [2014年01月22日] 影響を受けるシステム：日立 (HS14-002) の情報を追加影響を受けるシステム：日立 (HS14-003) の情報を追加ベンダ情報：日立 (HS14-002) を追加ベンダ情報：日立 (HS14-003) を追加 [2015年07月01日] 影響を受けるシステム：内容を更新	Feb. 17, 2018, 10:37 a.m.

NVD Vulnerability Information

CVE-2007-6755

Summary	The NIST SP 800-90A default statement of the Dual Elliptic Curve Deterministic Random Bit Generation (Dual_EC_DRBG) algorithm contains point Q constants with a possible relationship to certain "skeleton key" values, which might allow context-dependent attackers to defeat cryptographic protection mechanisms by leveraging knowledge of those values. NOTE: this is a preliminary CVE for Dual_EC_DRBG; future research may provide additional details about point Q and associated attacks, and could potentially lead to a RECAST or REJECT of this CVE.
Publication Date	Oct. 12, 2013, 7:55 a.m.
Registration Date	Jan. 29, 2021, 2:26 p.m.
Last Update	Nov. 21, 2024, 9:40 a.m.

Affected software configurations

Configuration1	or higher	or less	more than	less than
cpe:2.3:a:dell:bsafe_crypto-c-micro-edition::::::::	3.0.0.0	3.0.0.20
cpe:2.3:a:dell:bsafe_crypto-j:5.0.1:::::::*
cpe:2.3:a:dell:bsafe_crypto-j:5.0:::::::*

Related information, measures and tools

No	URL	タグ
1	http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/	Third Party Advisory
2	http://arstechnica.com/security/2013/09/stop-using-nsa-influence-code-in-our-product-rsa-tells-customers/	Third Party Advisory
3	http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html	Third Party Advisory
4	http://blog.cryptographyengineering.com/2013/09/rsa-warns-developers-against-its-own.html	Third Party Advisory
5	http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html	Third Party Advisory
6	http://blog.cryptographyengineering.com/2013/09/the-many-flaws-of-dualecdrbg.html	Third Party Advisory
7	http://rump2007.cr.yp.to/15-shumow.pdf	Third Party Advisory
8	http://rump2007.cr.yp.to/15-shumow.pdf	Third Party Advisory
9	http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/	Not Applicable
10	http://stream.wsj.com/story/latest-headlines/SS-2-63399/SS-2-332655/	Not Applicable
11	http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect	Third Party Advisory
12	http://threatpost.com/in-wake-of-latest-crypto-revelations-everything-is-suspect	Third Party Advisory
13	http://www.securityfocus.com/bid/63657	Third Party Advisory VDB Entry
14	http://www.securityfocus.com/bid/63657	Third Party Advisory VDB Entry
15	https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html	Third Party Advisory
16	https://www.schneier.com/blog/archives/2007/11/the_strange_sto.html	Third Party Advisory

Common Vulnerabilities List

No	CWE	Name	URL
1	CWE-327	不完全、または危険な暗号アルゴリズムの使用	https://cwe.mitre.org/data/definitions/327.html