SAINT® 6.9.5 available

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

New vulnerability checks in version 6.9.5:

  • EMC Networker nsrexecd.exe Denial of Service
  • F-Secure Anti-Virus archive handling vulnerabilities (CVE-2008-1412, CVE-2008-0910, CVE-2008-0792)
  • HP System Management Homepage unspecified privilege elevation (CVE 2008-4413)
  • Adobe Acrobat and Reader 8.1.2 Multiple Security Vulnerabilities. (CVE 2008-4812 CVE 2008-4813 and etc.)
  • ffdshow Codec Media Stream URL Processing Buffer Overflow
  • Linux kernel multiple vulnerabilities. (CVE 2008-5025 CVE 2008-5033 and etc.)
  • ClamAV Unicode Processing Buffer Overflow. (CVE 2008-5050)
  • WordPress RSS Feed Generator self_link HTTP_HOST Cross-Site Scripting
  • multiple Drupal content management vulnerabilities (CVE 2008-4789 CVE 2008-4790 CVE 2008-4791 CVE 2008-4792 CVE 2008-4793)
  • multiple Mantis Bug Tracker vulnerabilities (CVE 2008-4687 CVE 2008-4688 CVE 2008-4689)
  • Privilege Escalation fixed in Nagios 3.0.5. (CVE 2008-5027)
  • phpwebsite link.php SQL injection vulnerability
  • VMware Products Trap Flag In-Guest Privilege Escalation.(CVE 2008-4915)
  • Apple Safari Prior to 3.2 Multiple Security Vulnerabilities.(CVE 2008-3623 CVE 2008-3644 CVE 2008-4216)
  • OpenSSH CBC Mode Information Disclosure Vulnerability.(CVE 2008-5161)
  • CUPS PNG Filter Overly Large Image Height Integer Overflow.(CVE 2008-5286)
  • HP Insight Manager Unauthorized Access to Sensitive Information (CVE 2008-4412)
  • Opera Web Browser ’file://’ Heap Based Buffer Overflow Vulnerability.(CVE 2008-5178)
  • Sun Java Updates - Dec 2008. (CVE 2008-2086 CVE 2008-5360 and etc.)
  • Wireshark SMTP Processing Denial of Service Vulnerability. (CVE 2008-5285)
  • PHP-Fusion "messages.php" SQL Injection.(CVE 2008-5335)
  • Microsoft GDI remote code execution vulnerability. (MS08-071) (CVE 2008-2249 CVE 2008-3465)
  • Windows Media components vulnerabilities (MS08-076). (CVE 2008-3009 CVE 2008-3010)
  • Windows Search remote code execution vulnerability. (MS08-075) (CVE 2008-4268 CVE 2008-4269)
  • VB6 Runtime Extended files ActiveX Control vulnerabilities (MS08-070). (CVE 2008-4252, CVE 2008-4253, and etc.)
  • Microsoft Office Word, Word Viewer and compatability pack vulnerabilities. (MS08-072) (CVE 2008-4024 CVE 2008-4025 CVE 2008-4026 CVE 2008-4027 CVE 2008-4028 CVE 2008-4030 CVE 2008-4031 CVE 2008-4837)
  • Microsoft Office, Excel Viewer and compatibility pack vulnerabilities. (MS08-074) (CVE 2008-4264 CVE 2008-4265 CVE 2008-4266)
  • MyBB "my_post_key" Remote Image Information Disclosure
  • MS08-073 (CVE 2008-4258, CVE 2008-4259, CVE 2008-4260, and CVE 2008-4261)
  • Gallery Cookie Handling Security Bypass Vulnerability. (CVE 2008-5296)
  • MS08-077 Sharepoint Privilege elevation (CVE 2008-4032)

New exploits in this version:

  • CA ARCserve for Laptops and Desktops LGServer password integer overflow exploit. (CVE 2007-5004)
  • GoodTech SSH Server SFTP exploit. (CVE 2008-4726)
  • VideoLAN VLC media player RealText subtitle file exploit. (CVE 2008-5036)
  • VLC TY file buffer overflow exploit. (CVE 2008-4654)
  • Windows search-ms protocol handler exploit. (CVE 2008-4269)
  • Internet Explorer embed tag exploit. (CVE 2008-4261)

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Penetration testing & Ethical Hacking
Saint
Vulnerability Scanner