SAINT® 7.1.2 Released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

JPEG - 31.3 kb

New features in version 7.1.2:

  • SAINTmanager ticketing workflow improvements:
  • Tracking of ticket changes
  • Enhanced user interface for improved usability

New vulnerability checks in version 7.1.2:

  • JScript Scripting Engine Remote Code Execution Vulnerability (MS09-045) (CVE 2009-1920)
  • Windows DHTML Editing Component Active X control (MS09-046) (CVE 2009-2519)
  • Windows Media header format vulnerability. (MS09-047) (CVE 2009-2498 CVE 2009-2499)
  • Microsoft Windows TCP/IP remote code execution vulnerability. (MS09-048) (CVE 2008-4609 CVE 2009-1925 CVE 2009-1926)
  • Microsoft Windows Wireless LAN AutoConfig Service frame parsing remote code execution vulnerability. (MS09-049) (CVE 2009-1132)
  • Squid strListGetItem Denial of Service. (CVE 2009-2855)
  • Linux Kernel ’fs/proc/base.c’ Local Information Disclosure Vulnerability. (CVE 2009-2691)
  • Linux Kernel ’posix-timers.c’ NULL Pointer Dereference Denial of Service Vulnerability. (CVE 2009-2767)
  • RedHat SNMP vuln (CVE 2009-1887)
  • Joomla! Cross Site Scripting and Information Disclosure Vulnerabilities (BID35544)
  • Libpurple "msn_slplink_process_msg()" Memory Corruption Vulnerability. (CVE 2009-2694)
  • ICQ Incoming Message HTML Injection Vulnerability. (BID36041)
  • Novell eDirectory Multiple Vulnerabilities in version 8.8 SP3 (CVE 2009-0192)
  • Linux Kernel ’sock_sendpage()’ NULL Pointer Dereference Vulnerability. (CVE 2009-2692)
  • Linux Kernel ’binfmt_flat.c’ NULL Pointer Dereference Denial of Service Vulnerability. (CVE 2009-2768)
  • Google Chrome V8 JavaScript Engine Remote Code Execution Vulnerability. (CVE 2009-2935)
  • ProFTP ’Welcome Message’ Remote Buffer Overflow Vulnerability. (BID36128)
  • IBM DB2 Universal Database Prior to 8 FixPak 18 Multiple Vulnerabilities. (CVE 2009-2858 CVE 2009-2859 CVE 2009-2860)
  • multiple vulnerabilities in Adobe ColdFusion 8.0.1. (CVE 2009-1872 CVE 2009-1877 and etc.)
  • Sun Java System Web Server JSP file arbitrary read (CVE 2009-2445)
  • OpenOffice Word Document Table Parsing Integer Underflow. (CVE 2009-0200)
  • Avast! Antivirus Professional File System Filter Driver Buffer Overflow Vulnerability. (BID36115)
  • Microsoft Internet Information Services FTP Server Remote Buffer Overflow. (CVE 2009-3023)

New exploits in this version:

  • Microsoft Office Web Components DataSourceControl ActiveX Control memory allocation exploit (CVE 2009-0562)
  • Oracle Secure Backup property_box.php type parameter command execution exploit (CVE 2009-1978)
  • Microsoft IIS FTP Server NLST Command Remote Overflow exploit. (CVE 2009-3023

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Saint
Vulnerability Management
Vulnerability Scanner