Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. An increase in alert state occurs immediately upon detection of a new threat, and the state drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

 

Current Alerts

Novell

Novell has published a security update for Sentinel Log Manager.

More info.

Debian

The sctp_association_free function does not properly manage a certain backlog value, which allows remote attackers to cause a denial of service (socket outage) via a crafted SCTP packet.

More info.

IBM

Fixes are available for security vulnerabilities in IBM WebSphere Portal related to the Unified Task List (UTL) Portlet.  Among other vulnerabilities, a remote attacker could send specially-crafted SQL statements which could allow the attacker to view, add, modify or delete information in the back-end database.
More info.

Cisco

A vulnerability in the web server hosting the Cisco Prime Data Center Network Manager could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of a web interface.
More info.

Hitachi

Hitachi has acknowledged multiple vulnerabilities in multiple Hitachi Cosminexus and uCosminexus products, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, cause a DoS (Denial of Service), and compromise a user's system.

More info.


SCADA

A vulnerability allowing unauthorized download of system information from Innominate mGuard devices has been identified. Exploitation of this vulnerability could allow a remote unauthenticated user access to release configuration information. While this is a minor vulnerability, it represents a method for further network reconnaissance.

More info.

F5

A BIND flaw impacts BIG-IP products. Remote attackers may be able to cause a denial of service (DoS) by making a query for an AAAA record.

More info.

 

A flaw in the RC4 algorithm has been identified in multiple F5 products.  This TLS/SSL vulnerability constitutes an inherent flaw in the RC4 cipher. While it is possible to mitigate this vulnerability by disabling the RC4 cipher for the vulnerable component/feature, administrators were advised to use the RC4 cipher to mitigate other vulnerabilities, such as the BEAST and Lucky 13 attacks.  Pick your poison...

More info.

SAP

Multiple vulnerabilities have been identified in SAP products.

More info.

SonicWALL

A vulnerability has been identified in multiple Dell SonicWALL products, which can be exploited by malicious people to conduct cross-site scripting attacks.

More info.

Microsoft

Microsoft revised a previously published advisory to announce that the stricter Windows Authenticode signature verification behavior originally enforced by default will be enabled on an opt-in basis and not made a default behavior in supported releases of Microsoft Windows.

More info.

Android

Android contains hard-coded certificates from several developers so it can give apps created by those developers special access and privileges inside the OS. One such certificate belongs to Adobe and gives apps signed by it, or by certificates issued by it, the power to inject code into other installed apps. An attacker can sign a malicious app with a certificate that appears to be signed by the hard-coded Adobe certificate, but actually isn't. As long as the Adobe certificate is present in the app's certificate chain, the system will take code from the app and inject it into other installed apps.

More info.

 


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


 


 

Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/