Alert Details

Computer Network Defence Alert State

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat.  The alert state increases immediately upon detection of a new threat and drops again by one level each working day.  The rationale is that vulnerabilities often occur in clusters, so reducing the alert state quickly increases your visibility of new threats to the same product.  It is important that the radar page is viewed at least daily in order to track these changes.  Reductions in alert state occur at approximately 1900 GMT/UTC.  Significant vulnerabilities may remain for longer.  Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

MSIE

Microsoft has published an update for IE that includes the patch for the 0311 Flash 0-day.

More info.

SCADA

Honeywell has released the new HART DTM for their products.  An improper input validation vulnerability was identified in the CodeWrights GmbH HART Device Type Manager (DTM) library extension utilized by some Magnetrol products.  The vulnerability causes the HART DTM component to crash and also causes the HART service to stop responding.

More info.

A buffer overflow vulnerability was identified in Schneider Electric’s SoMove Lite software package. While addressing this vulnerability, Schneider Electric identified multiple vulnerable Schneider Electric products.  This vulnerability could be exploited remotely.  Successfully exploiting this vulnerability could allow a remote attacker to execute arbitrary code.

More info.

SuSE

SuSE has published an update for the SCTP bug in their Linux kernel, as well as for other known security issues.

More info.

OpenSUSE has published the same update.

More info.

Symantec

Symantec Encryption Management Server allows an authorized or invited external user to submit a PGP public key to the key server which can be specifically created to include arbitrary data in the name field of the key. Symantec Encryption Management Server does not properly filter imported keys for unacceptable content as they are uploaded to the key server. The receipt email generated during the import process can be manipulated through email injection as a result of the modified content included in the submitted key.

More info.

IBM

Sterling Integrator and Sterling File Gateway are vulnerable to a denial of service. By sending a specially-crafted HTTP request, a remote attacker could exploit this vulnerability to cause the system to run out of connections and deny new connection requests.

More info.

IBM Maximo Asset Management could allow a remote attacker to traverse directories on the system.  An attacker could send a specially-crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.

More info.

IBM has updated several products for SDK Java.

IBM Notes and Domino products.  More info.

IBM Rational RequisitePro products.  More info.

Cisco

A vulnerability in the Forgot Password process of the Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to enumerate a valid administrator account.
More info.

A vulnerability in the web framework of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack.

More info.

A vulnerability in the extensible markup language (XML) application programming interface (API) of Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to view sensitive information.

More info.

Adobe

There are now reports of CVE-2015-0312 being exploited in the wild.  If 0311 didn't make you do this upgrade, now is the time!

More info.

Novell

Novell has published a security update for the iPrint appliance.

More info.

GNU

Consolidating the glibc notices here.

McAfee has fixed some products and knows others are vulnerable.  More info.

Ubuntu has updated for glibc.  More info.

IBM is evaluating the GHOST vulnerability in glibc, but no updates yet.  More info.

Red Hat has updated for glibc.  More info here and here.

Debian has updated glibc.  More info.

SuSE has published updates for glibc.  More info.

OpenSUSE has published glibc updates.  More info.

Blue Coat has published a bulletin about vulnerable products, no patches yet.  More info.

Citrix is evaluating.  More info.

Check Point has provided hotfixes.  More info.

Fortinet is evaluating, but they don't think they're vulnerable.  More info.

Cisco is evaluating.  More info.

Juniper has identified some products as vulnerable and is still evaluating.  More info.

Asterisk

Asterisk has published two updates: one fixes an issue that could allow DoS, the other fixes the libcURL vulnerability.

More info here and here.

Alert Definitions

NORMAL This alert state represents the normal level of security, with minimal activity relating to the product.  The next stage above this level is 2; however, falling alerts will pass through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  This level is included for viewers who don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or it is the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

Useful Links

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send your suggestions to [email address obscured on the original page].

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/