Alert Details

Computer Network Defence Alert State

 

Radar Page

The Computer Network Defence Alert State is designed to give a more granular and dynamic visualisation of the current security threat. The alert state increases immediately upon detection of a new threat and drops again by one level each working day. The rationale is that vulnerabilities often occur in clusters, so reducing the alert state again quickly increases your visibility of new threats to the same product. It is important that the radar page is viewed at least daily in order to track these changes. Reductions in alert state occur at approximately 1900 GMT/UTC. Significant vulnerabilities may remain for longer. Vulnerabilities on this page are predominantly remotely exploitable; very few local server exploits will be shown.

 

 

Current Alerts

Solaris

Oracle has published six third-party software updates for Solaris.

More info.

IBM

A security vulnerability impacts the Java Client library of IBM Rational Directory Server (RDS) 5.2.x, 5.1.1.x and Rational Directory Administrator (RDA) 6.x. The RDS Java Client library contains the clear-text password of the root user. An attacker with this password could connect to RDS and exploit the data of its consuming products.

More info.

 

By sending a single request with the same authentication method multiple times, a remote attacker may generate unwanted load on the Keystone host, potentially resulting in a Denial of Service against a Keystone service.

More info.

 

PowerVC is missing appropriate SSH known_hosts checks. This opens the door to a possible MITM (man-in-the-middle) attack.

More info.

 

PowerVC Express Edition is using FTP to transfer files to a managed IVM. FTP is not a secure protocol. The credentials used to access the IVM may be snooped.

More info.

Fortinet

A temporary denial of service condition can be created using a specially crafted request sent to the FortiManager protocol service in FortiOS version 5.0.0 to 5.0.7 and FortiOS version 4.3.15 and lower. Code execution has not been demonstrated, but may be possible under certain conditions. 

More info.

Cisco

A vulnerability in the Session Manager software of Cisco Packet Data Network Gateway (PGW) could allow an unauthenticated, remote attacker to cause the Session Manager to crash.

More info.


IBM

A clear-text password in the client library supplied with IBM Rational Directory Server (RDS) could allow an attacker to gain access to RDS and to unauthorized data used by consuming products such as Rational Synergy.

More info.

 

The same issue affects Rational Change.

More info.

 

There are multiple vulnerabilities in IBM® SDK Java™ Technology Edition, Version 7.0 SR7, which is used by IBM Multi-Enterprise Integration Gateway.

More info.

 

The python-qpid client (common/rpc/impl_qpid.py) in OpenStack Oslo before 2013.2 does not enforce SSL connections when qpid_protocol is set to ssl, which allows remote attackers to obtain sensitive information by sniffing the network.

More info.

AIX

AIX has reported a vulnerability in Libxml2 allowing a denial of service.

More info.

 

Also, the default configuration of ISC BIND before 9.4.1-P1, when configured as a caching name server, allows recursive queries and provides additional delegation information to arbitrary IP addresses, which allows remote attackers to cause a denial of service.

More info.


Alert Definitions

NORMAL This alert state represents the normal level of security with minimal activity relating to the product. The next stage above this level is 2; however, falling alerts will go through 1 when returning to normal.

LOW This alert state indicates that an alert has been recognised for this product within the last few days but it is now returning to normal.  Inclusion of this level is for viewers that don't monitor this alert system regularly.

INCREASED This alert state indicates a need to increase the security posture due to an emerging threat for which there is currently no exploit, or you are witnessing the reduction in alert state after being at level 3 for more than 1 working day.

HIGH This alert state indicates a significant threat to the product, where exploits exist or where the vulnerability is potentially devastating.

PATCHES This alert state indicates that patches are available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the urgency to patch.

EXPLOIT This alert state indicates that exploit code is available for vulnerabilities that had previously resulted in a need for the alert state to increase and subsequently fall. The level of 2 or 3 indicates the threat of the exploit.

ZERO This alert state indicates that a vulnerability has been announced without the opportunity for the vendor to patch it before the details are made known.  These can be especially dangerous if exploit code is available. The level of 2 or 3 indicates the threat of the vulnerability.

 


Useful Links

 

These are links our analysts and radar page patrons find useful. If you would like to suggest a link for this section, please send us your suggestions.

 

http://isc.sans.edu/
http://www.us-cert.gov/
http://www.auscert.org.au/
http://cve.mitre.org/
http://atlas.arbor.net/

http://www.cert.org/advisories/
http://secunia.com/Advisories
http://www.vupen.com/english/security-advisories/
http://www.securityfocus.com/vulnerabilities
http://www.coresecurity.com/content/corelabs-advisories

http://www.iss.net/threats/ThreatList.php
http://www.sourcefire.com/security-technologies/snort/vulnerability-research-team/advisories

 

Any other comments on our site or the Radar Page are welcome as well!

http://www.ubuntu.com/usn/usn-1215-1/