Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat.  The alert state increases immediately upon detection of a new threat and drops again by one level each working day.  The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product.  It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

 

 

Current Alerts

IBM

The products IBM CommonStore for Exchange Server and IBM CommonStore for Lotus Domino ship IBM® 32-bit Runtime Environment for Windows®, v5.0, which has a security vulnerability that might be exposed through the use of these products.  Timing differences based on the validity of messages can be exploited to decrypt the entire session. The exploit is not trivial, requiring a man-in-the-middle position and a long time (around 20 hours).

More info.

 

IBM Content Collector ships Oracle Outside In Technology and IBM SDK Java™ Technology Edition, Version 6, which have security vulnerabilities that might be exposed through the use of Content Collector.  An unspecified vulnerability in Oracle Outside In Technology related to the Outside In Maintenance component could allow a local attacker to cause a denial of service or possibly be used by a remote attacker to execute code on server installations.

More info.

 

A weakness and some vulnerabilities have been reported in IBM Tivoli Endpoint Manager for Remote Control, where some have an unknown impact and others can be exploited by malicious, local users to disclose certain sensitive information and by malicious people to cause a DoS (Denial of Service) and disclose potentially sensitive information.

More info.

F5

F5 Big-IP products contain a BIND vulnerability.  If BIND has been manually configured to perform DNSSEC validation on name servers, a malicious remote attacker may cause a disruption of service on those name servers.

More info.

 

F5 Big-IP and ARX products contain an OpenSSL vulnerability (other than Heartbleed).  Remote attackers may be able to cause a denial-of-service (DoS) attack using crafted traffic.

More info.

Cisco

A vulnerability in the DHCPv6 server module of Cisco Network Registrar could allow an unauthenticated, remote attacker to cause a reload of the DHCPv6 server on an affected device.

More info.

HP

A vulnerability has been reported in HP Network Node Manager i, which can be exploited by malicious people to bypass certain security restrictions.  The vulnerability is caused by the application not properly restricting certain access and can subsequently be exploited to execute arbitrary code.

More info.

IBM

IBM has acknowledged a vulnerability in IBM WebSphere Application Server and WebSphere Extended Deployment Compute Grid, which can be exploited by malicious people to cause a DoS (Denial of Service).

More info.

Oracle

Oracle Quarterly patches are out.  34 products are updated, including the database, Fusion middleware, MySQL, PeopleSoft and Java.  63 of the patches allow remote exploit without authentication.

More info.

 

There were also 13 patches for third party products released.

More info.

Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product.  The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 

Useful Links

 

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/