SAINT® 6.7.10 Released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It also gathers information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.7.10:

  • Linux kernel IPv6 over IPv4 vulnerability (CVE-2008-2136)
  • Mac OS X Security Update 2008-003 (CVE-2005-3352 CVE-2005-3357 CVE-2006-3747 CVE-2007-0071 CVE-2007-1863 CVE-2007-3847 CVE-2007-4465 CVE-2007-5000 CVE-2007-5266 CVE-2007-5268 CVE-2007-5269 CVE-2007-5275 CVE-2007-6019 CVE-2007-6243 CVE-2007-6359 CVE-2007-6388 CVE-2007-6612 CVE-2007-6637 CVE-2008-0177 CVE-2008-1027 CVE-2008-1028 CVE-2008-1030 CVE-2008-1031 CVE-2008-1032 CVE-2008-1033 CVE-2008-1034 CVE-2008-1035 CVE-2008-1036 CVE-2008-1571 CVE-2008-1572 CVE-2008-1573 CVE-2008-1574 CVE-2008-1575 CVE-2008-1576 CVE-2008-1577 CVE-2008-1578 CVE-2008-1579 CVE-2008-1580 CVE-2008-1654 CVE-2008-1655)
  • Sun Java System Web Server search module cross-site scripting vulnerability (CVE-2008-2166)
  • Debian and Ubuntu OpenSSL Random Number Generator Vulnerability (CVE-2008-0166)
  • MySQL vulnerability (CVE-2008-2079)
  • Antigen for SMTP Gateway, Antigen for Exchange, Forefront for Exchange and Forefront for SharePoint (MS-029) (CVE-2008-1437 CVE-2008-1438)
  • rdesktop (CVE-2008-1801 CVE-2008-1802 CVE-2008-1803)
  • CA BrightStor ARCServe Backup ListCtrl.ocx ActiveX Control vulnerability (CVE-2008-1472)
  • Trend Micro UPX vulnerability (CVE-2007-0851)
  • IDAutomation ActiveX vulnerabilities (CVE-2008-2283)
  • CA BrightStor ARCserve Backup XDR Parsing Buffer Overflow (CVE-2008-2241 CVE-2008-2242)
  • SAP ITS cross site scripting vulnerability (CVE-2008-2123)
  • Altiris Deployment Server vulnerabilities (CVE-2008-2286 CVE-2008-2287 CVE-2008-2288 CVE-2008-2289 CVE-2008-2290 CVE-2008-2291)
  • Cisco SSH denial of service (CVE-2008-1159)
  • Interbase overlong username buffer overflow (CVE-2008-0467)
  • IBM Lotus Domino Web Server HTTP Header Buffer Overflow (CVE-2008-2240)
  • PhotoStockPlus Uploader Tool ActiveX stack buffer overflow vulnerabilities (CVE-2008-0957)
  • Authentication credentials prefilled vulnerability
  • NetBIOS on Linux platforms vulnerability
  • BaoFeng Storm ActiveX Control Multiple Remote Buffer Overflow Vulnerabilities (CVE-2008-4816 CVE-2008-4953)
  • Remote OS available on scanned ports’ banners
  • Linux Kernel Virtual Address Range Checking Denial of Service (CVE-2008-2137)
  • Creative Software AutoUpdate Engine ActiveX Control Buffer Overflow vulnerability (CVE-2008-0955)
  • Samba vulnerability (CVE-2008-1105)

New exploits in this version:

  • Motorola Timbuktu login buffer overflow exploit
  • Linux support to samba_lsa_io_trans_names exploit
  • Facebook PhotoUploader ActiveX exploit
  • HP Software Update HPeDiag ActiveX exploit
  • CA ARCserve Backup XDR processing exploit

New SAINTmanager features in version 6.7.10:

  • Target restriction list management – More easily control which users are allowed to scan which targets

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking:

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

