Alert Details

Computer Network Defence Alert State

 


The Computer Network Defence Alert State is designed to give a granular and more dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely executable; very few local server exploits will be shown.

Current Alerts

SuSE

SuSE has published an update for libgcrypt that uses ciphertext blinding for Elgamal decryption.

Several other security-related updates were also published to fix previously published issues.

More info.

 

OpenSUSE has updated several things as well.  More info.

Apple

Multiple memory corruption issues existed in iTunes WebKit for Windows. A man-in-the-middle attack while browsing the iTunes Store via iTunes may lead to an unexpected application termination or arbitrary code execution.

More info.

 

Multiple memory corruption issues existed in QuickTime.  Processing a maliciously crafted file may lead to an unexpected application termination or arbitrary code execution.

More info.

 

Multiple issues in Safari could allow a maliciously crafted website to access databases belonging to other websites, circumvent CSRF protections, or cause an unexpected application termination or arbitrary code execution. Also, clicking a maliciously crafted link in a PDF embedded in a webpage may lead to cookie theft or user information leakage.

More info.

 

A malicious application with root privileges may be able to modify EFI flash memory.

More info.

 

OS X Yosemite has been updated to correct a number of local and remote security vulnerabilities.

More info.

 

Finally, iOS has been updated to fix a number of security vulnerabilities.

More info.

Mozilla
Alert state: P3

Mozilla has published updates for multiple vulnerabilities for Thunderbird and Firefox.  A remote user can execute arbitrary code on the target system. A remote user can bypass security controls on the target system. A remote user can obtain potentially sensitive information.

More info.

 

RedHat has updated Firefox.  More info.

Oracle Linux has updated.  More info.

Cyberfox has updated.  More info.

F5

An overflow vulnerability in ICU may allow remote attackers to cause a denial-of-service (DoS) or possibly execute arbitrary code using crafted text.

More info.

 

During network monitoring operations, a malformed packet may cause tcpdump to fail or execute arbitrary code.

More info.

 

An attacker could cause a denial-of-service (DoS) for file, or an application using file, via a specially crafted CDF file.

More info.

 

The IPMI 2.0 specification supports RMCP+ Authenticated Key-Exchange Protocol (RAKP) authentication, which allows remote attackers to obtain password hashes and conduct offline password guessing attacks by obtaining the HMAC from a RAKP message 2 response from a BMC.

More info.

 

This vulnerability may allow attackers to cause a denial-of-service (DoS) using crafted form data that triggers an improper order-of-growth outcome.

More info.

Cisco

A vulnerability in the Open Shortest Path First version 2 (OSPFv2) code of Cisco Adaptive Security Appliance (ASA) Software could allow an unauthenticated, adjacent attacker to cause the reload of the affected system. 

More info.


IBM

Multiple security vulnerabilities exist in IBM Runtime Environment Java Technology Edition shipped with WebSphere Message Broker and IBM Integration Bus.

More info.

SuSE

SuSE has published a Linux kernel update that fixes multiple security vulnerabilities, several of which can be exploited remotely.

More info.

F5

An attacker may be able to cause a denial-of-service (DoS) for an ARX system.

More info.

Cisco

A vulnerability in the Cisco Unified Communications Domain Manager Platform Software could allow an unauthenticated, remote attacker to log in with the privileges of the root user and take full control of the affected system. The vulnerability occurs because a privileged account has a default and static password. This account is created at installation and cannot be changed or deleted without impacting the functionality of the system. An attacker could exploit this vulnerability by remotely connecting to the affected system via SSH using this account. An exploit could allow the attacker to take full control over the affected system.

More info.

 

A vulnerability in Cisco Digital Content Manager (DCM) could allow an unauthenticated, remote attacker to crash the system mainboard.

More info.


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product.  The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.


ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


Useful Links

 

These are links our analysts and radar page patrons find useful.  If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/grid/advisories

http://www.iss.net/threats/ThreatList.php

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/