SAINT® 6.9.4 available

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It also gathers information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.9.4:

  • Multiple vulnerabilities fixed in Firefox 2.0.18 and 3.0.4 and SeaMonkey 1.1.13. (CVE 2008-0017, CVE 2008-5052, etc.)
  • Multiple vulnerabilities fixed in Thunderbird 2.0.0.18. (CVE 2008-5012, CVE 2008-5016, etc.)
  • Multiple vulnerabilities fixed in Adobe Flash Player 9.0.151.0. (CVE 2008-4818, CVE 2008-4819, etc.)
  • BitDefender Antivirus PDF Processing Memory Corruption
  • IBM Tivoli Storage Manager Client Remote Heap Buffer Overflow Vulnerability. (CVE 2008-4801)
  • phpMyAdmin "pmd_pdf.php" Cross-Site Scripting. (CVE 2008-4775)
  • MyBB vulnerabilities fixed in 1.4.3. (CVE 2008-4928, CVE 2008-4929, CVE 2008-4930)
  • PHP-Nuke Nuke League Module "tid" Parameter Cross-Site Scripting. (CVE 2008-5039)
  • Linux Kernel "proc_do_xprt()" Local Buffer Overflow Vulnerability. (CVE 2008-3911)
  • Vulnerabilities fixed in Drupal 5.12 and 6.6
  • Linux Kernel "do_splice_from()" Local Security Bypass. (CVE 2008-4554)
  • Microsoft DebugDiag "CrashHangExt.dll" ActiveX Control Remote Denial of Service Vulnerability. (CVE 2008-4800)
  • Jive Software Openfire Jabber Server Authentication Bypass
  • Multiple vulnerabilities fixed in VLC Media Player 0.9.6. (CVE 2008-5032, CVE 2008-5036)
  • CuteNews "config_skin" Parameter Local File Include
  • Adobe ColdFusion Local Information Disclosure and Local Privilege Escalation. (CVE 2008-4831)
  • Jive Software Openfire Jabber Server SQL Injection
  • GoodTech SSH Server SFTP Processing Buffer Overflow. (CVE 2008-4726)
  • Novell eDirectory Netware Core Protocol vulnerability. (CVE 2008-4480)
  • Net-SNMP vulnerability. (CVE 2008-4309)
  • Interbase Integer Overflow vulnerability. (CVE 2008-2559)

New exploits in this version:

  • Adobe Acrobat and Reader JavaScript exploit. (CVE 2007-5659)
  • Linux support for the Apache Tomcat JK Connector exploit. (CVE 2007-0774)
  • LPViewer ActiveX Control exploit. (CVE 2008-4384)

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking:

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

