Alert Details

Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat; the state then drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

 

                                                                                                                    

Current Alerts

Wireshark
Wireshark has published an update that corrects six security vulnerabilities, all leading to a DoS.

More info.

Symantec

Symantec NetBackup OpsCenter is an optional web-based application, installed separately in a customer's environment for advanced monitoring, alerting and reporting. OpsCenter for Linux/Unix is susceptible to JavaScript injection that could potentially result in privileged access to the application.

More info.

Network

D-Link was presented with a report of three potential vulnerabilities. The first reportedly allows a malicious user connected to the LAN side of the device to use the device's upload utility to load malicious code without authentication. The second reportedly relates to the device's ping utility, which might permit command injection without authentication. The third reportedly may exploit certain chipset utilities in the firmware to disclose information about the device's configuration. D-Link has produced updates for 1 of the 8 vulnerable models.

More info.
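To make the command-injection class named in the D-Link item concrete, here is an added illustration in Python. It is not D-Link's firmware code and not the reported bug (the advisory gives no code or parameter names): a web "ping" helper that interpolates the caller's target into a shell command, beside a hardened version that validates the target and hands it to ping as a single argv element with no shell involved. The hostname pattern and the `count` limit are choices made for this example.

```python
"""
Vulnerable vs hardened "ping" helper (added example, not D-Link code).
The vulnerable form is shown as the command string it would build; only the
hardened form is ever executed.
"""
import ipaddress
import re
import subprocess

# Hostname syntax per RFC 1123 labels: letters, digits, hyphen; label <= 63
# chars, no leading/trailing hyphen, whole name <= 253 chars.
_HOST_RE = re.compile(
    r"^(?=.{1,253}$)(?!-)[A-Za-z0-9-]{1,63}(?<!-)"
    r"(\.(?!-)[A-Za-z0-9-]{1,63}(?<!-))*$")


def vulnerable_command(target: str) -> str:
    """Vulnerable pattern: string interpolation into a command that goes to sh -c.
    A target of '192.0.2.1; cat /etc/passwd' becomes two shell commands."""
    return "ping -c 4 %s" % target      # would be passed to os.system()/popen()


def is_valid_target(target: str) -> bool:
    """Accept an IPv4/IPv6 literal or a syntactically valid hostname, nothing else.
    Shell metacharacters (; | & $ ` ( ) space) never pass either check."""
    try:
        ipaddress.ip_address(target)
        return True
    except ValueError:
        pass
    return bool(_HOST_RE.match(target))


def ping_argv(target: str, count: int = 4) -> list:
    """Hardened: validate first, then build an argv list so no shell parses the input."""
    if not is_valid_target(target):
        raise ValueError("invalid ping target")
    if not 1 <= count <= 10:
        raise ValueError("count out of range")
    # "--" ends option parsing in getopt-based ping binaries, so a target
    # such as "-f" cannot be turned into a flag.
    return ["ping", "-c", str(count), "--", target]


def run_ping(target: str, count: int = 4) -> str:
    """Execute the hardened form; needs a ping binary on the host."""
    result = subprocess.run(ping_argv(target, count), capture_output=True,
                            text=True, timeout=30)
    return result.stdout


if __name__ == "__main__":
    bad = "192.0.2.1; cat /etc/passwd"
    print("unsafe string would be:", vulnerable_command(bad))
    print("valid?", is_valid_target(bad), "argv for 192.0.2.1:", ping_argv("192.0.2.1"))
```

Rejecting on a strict allow-list (an IP literal or hostname syntax) is the check that matters; escaping shell metacharacters is the weaker fix because it still routes attacker data through a shell.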

HP

Potential security vulnerabilities have been identified with HP XP P9000 Command View Advanced Edition Software Online Help for Windows and Linux. The vulnerabilities could be exploited to perform remote cross-site scripting (XSS).

More info.


SSL/TLS

On Tuesday, March 3, 2015, researchers disclosed a new SSL/TLS vulnerability — the FREAK attack. The vulnerability allows attackers to intercept HTTPS connections between vulnerable clients and servers and force them to use ‘export-grade’ cryptography, which can then be decrypted or altered.

More info.
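The server-side precondition for FREAK is that the server still accepts an RSA_EXPORT cipher suite. As an added example (not from this page or any vendor quoted on it), the following Python probe sends a minimal TLS 1.0 ClientHello offering only the three RSA_EXPORT suites and parses the ServerHello to see whether one was chosen; a handshake_failure alert instead means the server refused. The record layout follows RFC 2246/4346, the suite codes are the standard IANA identifiers, `example.com` is a placeholder host, and `encode_server_hello` exists only so the parser can be exercised offline. Note that this tests the server only; the page's point that clients also need patching is a separate check.

```python
"""
Probe whether a TLS server negotiates an RSA_EXPORT suite (added example,
not code from the CND page). Offer only export suites; if the ServerHello
picks one, the server is exposed to the FREAK downgrade.
"""
import os
import socket
import struct

# RSA key-exchange export suites (RFC 2246 names). Accepting any of these
# means the server will do a 512-bit RSA_EXPORT key exchange.
EXPORT_SUITES = {
    0x0003: "TLS_RSA_EXPORT_WITH_RC4_40_MD5",
    0x0006: "TLS_RSA_EXPORT_WITH_RC2_CBC_40_MD5",
    0x0008: "TLS_RSA_EXPORT_WITH_DES40_CBC_SHA",
}
HANDSHAKE, ALERT = 0x16, 0x15
CLIENT_HELLO, SERVER_HELLO = 0x01, 0x02


def build_client_hello(server_name: str, suites=tuple(EXPORT_SUITES)) -> bytes:
    """TLS record carrying a ClientHello that offers only `suites` (plus SNI)."""
    ciphers = b"".join(struct.pack("!H", s) for s in suites)
    name = server_name.encode("idna")
    sni_entry = b"\x00" + struct.pack("!H", len(name)) + name   # name_type 0 = host_name
    sni_list = struct.pack("!H", len(sni_entry)) + sni_entry
    sni_ext = struct.pack("!HH", 0, len(sni_list)) + sni_list   # extension type 0
    body = (b"\x03\x01"                                  # client_version TLS 1.0
            + os.urandom(32)                             # random
            + b"\x00"                                    # session_id length 0
            + struct.pack("!H", len(ciphers)) + ciphers
            + b"\x01\x00"                                # one compression method: null
            + struct.pack("!H", len(sni_ext)) + sni_ext)
    hs = bytes([CLIENT_HELLO]) + struct.pack("!I", len(body))[1:] + body  # 3-byte length
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


def parse_server_response(data: bytes):
    """Inspect the first record; return (export suite name or None, description)."""
    if len(data) < 5:
        return None, "short response"
    rtype, length = data[0], struct.unpack("!H", data[3:5])[0]
    payload = data[5:5 + length]
    if rtype == ALERT and len(payload) >= 2:
        return None, "server sent alert (level %d, description %d)" % (payload[0], payload[1])
    if rtype != HANDSHAKE or not payload or payload[0] != SERVER_HELLO:
        return None, "unexpected record type %#x" % rtype
    hello = payload[4:]                  # skip handshake type + 3-byte length
    sid_len = hello[34]                  # after version(2) + random(32)
    suite = struct.unpack("!H", hello[35 + sid_len:37 + sid_len])[0]
    name = EXPORT_SUITES.get(suite)
    if name:
        return name, "server accepted export suite %s" % name
    return None, "server chose non-export suite %#06x" % suite


def encode_server_hello(suite: int, session_id: bytes = b"") -> bytes:
    """Build a ServerHello record; used to check the parser without a network."""
    body = (b"\x03\x01" + bytes(32) + bytes([len(session_id)]) + session_id
            + struct.pack("!H", suite) + b"\x00")
    hs = bytes([SERVER_HELLO]) + struct.pack("!I", len(body))[1:] + body
    return bytes([HANDSHAKE]) + b"\x03\x01" + struct.pack("!H", len(hs)) + hs


def probe(host: str, port: int = 443, timeout: float = 5.0):
    """Connect, offer only export suites, and report what the server did."""
    with socket.create_connection((host, port), timeout=timeout) as s:
        s.sendall(build_client_hello(host))
        return parse_server_response(s.recv(4096))


if __name__ == "__main__":
    import sys
    print(probe(sys.argv[1] if len(sys.argv) > 1 else "example.com"))
```

A result of "server accepted export suite ..." is the condition to fix; "server sent alert (level 2, description 40)" is handshake_failure, meaning export suites are disabled on that endpoint.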

 

ISC Handler Mark notes: "it looks like this particular attack solves one challenge that a MITM has. For HTTPS intercept you usually generate a new certificate with the information of the site and resign the certificate before presenting it to the client. Whenever you present this newly signed certificate the client receives an error message stating that the certificate does not match the expected certificate for the site. From the vids it looks like this attack could "fix" that particular problem. So now when you perform a MITM attack you retain the original certificate and the user is none the wiser. ... This issue will remain until systems have been patched and updated, not just servers, but also client software. Client software should be updated soon"

More info.

 

Citrix is analysing. More info.

Fortiguard: whether a fix is available depends on the version you are running. More info.

Apple OS X is vulnerable; a patch is due next week. More info.

iOS is also vulnerable. More info.

SCADA

A stack-based buffer overflow vulnerability has been identified in the MICROSYS, spol. s r.o. PROMOTIC application. Successful exploitation of this vulnerability may result in denial of service or data leakage.

More info.

 

There are multiple vulnerabilities in IBM® Runtime Environment Java™ Technology Edition, Version 6 and 7 that are used by IBM Sterling Connect:Direct File Agent.

More info.

Red Hat

Red Hat has published kernel updates that include several security fixes. Two are remotely exploitable; one allows bypass of iptables rules under certain conditions.

More info.

McAfee

ePO is vulnerable to three of the CVEs reported in Oracle's January 2015 Java SE update. Collectively, these vulnerabilities affect the confidentiality, integrity and availability of the server.

More info.

Chrome

The latest Chrome version includes 51 security fixes.

More info.

ChromeOS

A new version of ChromeOS has been released with unspecified security updates.

More info.

 

 


Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts pass through 1 when returning to normal.

LOW This alert state indicates that an alert was recognised for this product within the last few days but it is now returning to normal. This level is included for viewers who don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.
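The level rules in the introduction and in the definitions above, as a small Python model. This is an added example, not the site's own code: a product enters at INCREASED (2) or HIGH (3), never LOW, drops one level at each working-day 1900 UTC tick, passes through LOW on the way to NORMAL, and a fresh detection raises it again immediately. The dates in the worked timeline are constructed (2015-03-06 is a Friday, chosen to show that Saturday and Sunday are not decay days); the PATCHES/EXPLOIT/ZERO qualifiers are carried alongside the level as the definitions describe.

```python
"""
Model of the CND alert-state rules (added example, not the site's code).
"""
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone

NORMAL, LOW, INCREASED, HIGH = 0, 1, 2, 3
NAMES = {NORMAL: "NORMAL", LOW: "LOW", INCREASED: "INCREASED", HIGH: "HIGH"}
DECAY_HOUR_UTC = 19                  # reductions occur at approximately 1900 UTC
QUALIFIERS = {"", "PATCHES", "EXPLOIT", "ZERO"}


def decay_ticks(since: datetime, until: datetime):
    """Yield every working-day (Mon-Fri) 19:00 UTC instant in (since, until]."""
    tick = since.astimezone(timezone.utc).replace(
        hour=DECAY_HOUR_UTC, minute=0, second=0, microsecond=0)
    if tick <= since:
        tick += timedelta(days=1)
    while tick <= until:
        if tick.weekday() < 5:       # weekends are not working days
            yield tick
        tick += timedelta(days=1)


@dataclass
class ProductAlert:
    product: str
    level: int = NORMAL
    qualifier: str = ""              # PATCHES / EXPLOIT / ZERO, or "" for none
    updated: datetime = field(default_factory=lambda: datetime.now(timezone.utc))

    def advance(self, now: datetime) -> int:
        """Apply the working-day decay owed between the last update and `now`."""
        for _ in decay_ticks(self.updated, now):
            self.level = max(NORMAL, self.level - 1)
        if self.level == NORMAL:
            self.qualifier = ""      # qualifiers only carry a level of 2 or 3
        self.updated = now
        return self.level

    def raise_to(self, level: int, when: datetime, qualifier: str = "") -> int:
        """Immediate increase on detection; new alerts enter at 2 or 3, never at 1."""
        if level not in (INCREASED, HIGH):
            raise ValueError("alerts are raised to INCREASED (2) or HIGH (3), not %r" % level)
        if qualifier not in QUALIFIERS:
            raise ValueError("unknown qualifier %r" % qualifier)
        self.advance(when)           # settle decay owed before the new event
        self.level = max(self.level, level)
        if qualifier:
            self.qualifier = qualifier
        return self.level


def simulate():
    """Worked timeline (constructed dates): HIGH on a Friday morning, then daily checks."""
    utc = timezone.utc
    fri = datetime(2015, 3, 6, 10, 0, tzinfo=utc)
    alert = ProductAlert("SSL/TLS", updated=fri)
    alert.raise_to(HIGH, fri, qualifier="EXPLOIT")
    timeline = [(fri, NAMES[alert.level])]
    for day, hour in ((7, 9), (8, 9), (9, 8), (9, 20), (10, 20)):   # Sat .. Tue
        now = datetime(2015, 3, day, hour, 0, tzinfo=utc)
        timeline.append((now, NAMES[alert.advance(now)]))
    return timeline, alert


def redetection_example():
    """The page's rationale: a new threat the next week is visible again as a rise."""
    utc = timezone.utc
    alert = ProductAlert("Wireshark", updated=datetime(2015, 3, 6, 10, 0, tzinfo=utc))
    alert.raise_to(HIGH, alert.updated)
    before = alert.advance(datetime(2015, 3, 10, 9, 0, tzinfo=utc))     # Tuesday morning
    after = alert.raise_to(HIGH, datetime(2015, 3, 10, 9, 5, tzinfo=utc))
    return before, after


if __name__ == "__main__":
    for when, name in simulate()[0]:
        print(when.strftime("%a %Y-%m-%d %H:%M"), name)
    print("re-detection:", redetection_example())
```

The timeline shows why the page asks for a daily look: a HIGH raised on Friday is INCREASED by Saturday, stays there across the weekend, becomes LOW after Monday's tick and NORMAL after Tuesday's, at which point the qualifier is cleared too.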

 


 


 

                                                                                                                   

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to us.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/