Alert Details

Computer Network Defence Alert State


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters; reducing the alert state quickly therefore improves your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain at a raised level for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.


Current Alerts

F5

Multiple integer overflows in the th_read function in lib/block.c in libtar before 1.2.20 allow remote attackers to cause a denial of service (crash) and possibly execute arbitrary code on Big-IP systems.
More info.

F5 has reported 18 vulnerabilities in PCRE which may allow remote attackers to cause a denial of service (DoS) or possibly have unspecified other impact via a crafted regular expression. No patches are available for this one.
More info.

Linux

SuSE has released updates for socat, Firefox, and curl.
More info.

openSUSE has released updates for Mozilla and a kernel live patch.
More info.

Red Hat has updated JBoss to correct one security issue. It was found that the Java Standard Tag Library (JSTL) allowed the processing of untrusted XML documents to utilise external entity references, which could access resources on the host system and potentially allow arbitrary code execution.
More info.

Oracle Linux has provided 9 security updates, for httpd, PHP, and others.
More info.

Symantec

Symantec's domain-validated (DV) SSL/TLS certificate issuance system (e.g. RapidSSL, QuickSSL) did not properly handle special characters in an email address when verifying a domain owner through email addresses found in WHOIS records. This could potentially have resulted in the issuance of a DV certificate for fraudulent use.
Symantec engineers verified this issue and resolved it in the Symantec DV SSL/TLS certificate issuance system. No customer upgrade is required. Existing customer SSL/TLS certificates have been re-validated. Symantec is not aware of exploitation of or adverse impact from this finding.
More info.

IBM

IBM has updated IBM Java in the following products:

IBM ILOG CPLEX Optimization Studio and IBM ILOG CPLEX Enterprise Server.  More info.
IBM Decision Optimization Center.  More info.
IBM WebSphere Application Server Full Profile, IBM WebSphere Application Server Liberty Profile, and IBM WebSphere Application Server Hypervisor Edition.  More info.
Financial Transaction Manager for ACH Services.  More info.
IBM WebSphere Portal.  More info.
IBM WebSphere Service Registry and Repository Studio. More info.
IBM Security AppScan Standard. More info.

IBM has updated Apache Commons Collections in:
IBM Sterling Order Management.  More info.
IBM QRadar SIEM and IBM QRadar Incident Forensics.   More info.
IBM Platform Application Center Standard Edition.  More info.

IBM has fixed GSKit in the following products:
IBM Security Access Manager for Web.  More info.
IBM Security Access Manager for Mobile.  More info.
IBM Transformation Extender Hypervisor Edition for AIX. More info.
Transformation Extender.  More info.
IBM Transformation Extender Hypervisor Edition.  More info.
Rational RequisitePro.   More info.

The MD5 “SLOTH” vulnerability on TLS 1.2 affects:
IBM Security Access Manager for Mobile.  More info.
IBM Security Access Manager for Web. More info.
IBM Domino.  More info.

There is a cross-site scripting vulnerability in IBM WebSphere Application Server for any consumers of the OAuth provider output.
More info.
This affects Predictive Customer Intelligence.  More info.

The Logjam Attack on TLS connections using the Diffie-Hellman (DH) key exchange protocol affects IBM Netezza PureData System for Analytics.
More info.

A fix is available for an LDAP injection vulnerability in IBM WebSphere Portal.
More info.

IBM Emptoris Contract Management is vulnerable to cross-site scripting and cross-site request forgery attacks due to a flaw in the handling of untrusted user input. In addition, IBM Emptoris Contract Management could allow a remote attacker to include arbitrary files.
More info.

The Telemetry (MQXR) service can be configured to use SSL/TLS connections; the passphrase used to access the keystore is written to the file system in clear text, in a properties file that is world readable.
More info.

IBM Security Access Manager for Web does not enforce account lockouts after a certain number of failed login attempts. A remote attacker could use a brute force attack to determine the login credentials for the administrator.
More info.

Various vulnerabilities in LibPNG could affect Informix Genero.
More info.

IBM QRadar could allow a remote attacker to obtain sensitive information, caused by the failure to set the HTTPOnly flag for the session cookie in SSL mode. By intercepting its transmission within an HTTP session, an attacker could exploit this vulnerability to capture the cookie and obtain sensitive information.
More info.

A vulnerability has been addressed in the GSKit component of AppScan Enterprise.  There are multiple vulnerabilities in the PCRE component used by AppScan Enterprise.
More info.

OpenSSL has been updated in:
IBM Worklight and IBM MobileFirst Platform Foundation.  More info.
IBM Sterling Connect:Direct for Microsoft Windows.  More info.

NetGear

Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files.
More info.

F5

An integer overflow flaw was found in the way the lzo library decompressed certain archives compressed with the LZO algorithm. An attacker could create a specially crafted LZO-compressed input that, when decompressed by an application using the lzo library, would cause that application to crash or, potentially, execute arbitrary code. Big-IP is vulnerable in the latest code version.
More info.

The Elliptic Curve Digital Signature Algorithm (ECDSA) signature validation in Network Security Services (NSS) does not handle exceptional cases correctly. Under certain conditions, this flaw may be exploited to conduct signature forgery.
More info.

Asterisk

Asterisk contains a remote crash vulnerability when receiving UDPTL FAX data. If no UDPTL packets are lost there is no problem. However, a lost packet causes Asterisk to use the available error-correcting redundancy packets. If those redundancy packets have zero length, Asterisk uses an uninitialised buffer pointer and length value, which can cause invalid memory accesses later when the packet is copied.
More info.

Setting the sip.conf timert1 value to a value higher than 1245 can cause an integer overflow and result in large retransmit timeout times. These large timeout values hold system file descriptors hostage and can cause the system to run out of file descriptors. The default timert1 value is 500. Asterisk has been patched to detect the integer overflow and calculate the previous retransmission timer value.
More info.

The Asterisk HTTP server currently has a default configuration which allows the BEAST vulnerability to be exploited if the TLS functionality is enabled. This can allow a man-in-the-middle attack to decrypt data passing through it.
More info.

SRWare

A new SRWare Iron for Windows has been released that includes security fixes, including updates for Chromium.
More info.

Cisco

Cisco has provided software releases to fix a vulnerability in the Cisco Jabber client that could allow an unauthenticated, remote attacker to perform a STARTTLS downgrade attack.
More info.

A vulnerability in the web framework of Cisco Unity Connection could allow an unauthenticated, remote attacker to execute a cross-site scripting (XSS) attack.
More info.

A vulnerability in the HTTP web-based management interface of the Cisco Jabber Guest application could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web interface.
More info.

A vulnerability in the Cisco Unified Communications Manager SQL database interface could allow an authenticated, remote attacker to impact the confidentiality of the system by executing arbitrary SQL queries.
More info.

A vulnerability in the ICMP implementation in the Cisco Nexus 9000 Series Application Centric Infrastructure (ACI) Mode Switch could allow an unauthenticated, remote attacker to cause the switch to reload, resulting in a denial of service (DoS) condition. Updated software is available for this one.
More info.


Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product. The next stage above this level is 2; falling alerts, however, pass through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal. This level is included for viewers who do not monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or that you are witnessing the reduction in alert state after it has been at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the vendor having had the opportunity to patch it before the details were made known. These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.


Useful Links

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send your suggestions to our contact email address.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

https://testssl.sh/

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/