ARTICLE SAINT® 7.1.5 Released

Friday 30 October 2009 - 405 read - ( Keywords : Exploitation , Saint , Vulnerability Management , Vulnerability Scanner )

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save

New features in version 7.1.5:

- HTTP Basic authentication

  • Scan for vulnerabilities in password-protected web directories.
    - Reporting of results from exploit tools
  • See results of click logger, phishing tool, and other tools in SAINTwriter.
JPG - 31.3 kb

New vulnerability checks in version 7.1.5:

- Oracle Critical Patch Update Advisory - October 2009. (CVE2009-1979CVE2009-1992 and etc.)
- HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download.(CVE2009-3693)
- Cisco IOS software bundled advisory. (CVE2009-2862, etc.)
- multiple vulnerabilities fixed in Wireshark 1.2.2.(CVE2009-3241CVE2009-3242CVE2009-3243)
- Mozilla Bugzilla URL Password Information Disclosure Vulnerability. (CVE2009-3166)
- Multiple Vulnerabilities fixed in Pidgin 2.6.1. (CVE2009-3025CVE2009-3026)
- Cerberus FTP Server Long Command Remote Denial of Service Vulnerability. (BID36390)
- VLC Media Player CUE File Buffer Overflow Vulnerability. (BID36403)
- Cyrus IMAP local buffer overflow (BID36296)
- Google Chrome prior to 3.0.195.21 Multiple Security Vulnerabilities. (CVE2009-3263CVE2009-3264)
- Opera Unspecified Security Bypass Vulnerability. (CVE2009-3265CVE2009-3266)
- Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability. (CVE2009-2903)
- Mozilla Bugzilla ’Bug.search()’ WebService Function SQL Injection Vulnerability. (CVE2009-3125)
- Mozilla Bugzilla ’Bug.create()’ WebService Function SQL Injection Vulnerability. (CVE2009-3165)
- nginx WebDAV Multiple Directory Traversal Vulnerabilities. (BID36490)
- Arbitrary File Read and Directory Traversal in DWebPro (BID34721)
- Apple iTunes ’.pls’ File Buffer Overflow Vulnerability. (CVE2009-2817)
- PHP Multiple Vulnerabilities fixed in 5.2.11.(CVE2009-3291CVE2009-3292CVE2009-3293)
- nginx Proxy DNS Cache Domain Spoofing Vulnerability. (BID36438)
- Drupal Arbitrary File Upload and Session Fixation Vulnerabilities. (BID36431)
- INFORMIX IDS remote Denial-of-Service vulnerability (CVE2009-3470)
- IBM WebSphere Application Server Vulnerabilities fixed in 6.1.0.27. (CVE2009-2742CVE2009-2743CVE2009-2744)
- Linux Kernel ’find_ie()’ Function Remote Denial of Service Vulnerability. (CVE2009-3280)
- Linux kernel ’O_EXCL’ NFSv4 Privilege Escalation Vulnerability. (CVE2009-3286)
- Linux Kernel ’perf_counter_open()’ Local Buffer Overflow Vulnerability. (CVE2009-3234)
- DNS servers supporting recursive queries
- Google Chrome ’dtoa()’ Remote Code Execution Vulnerability. (CVE2009-0689)
- multiple PostgreSQL vulnerabilities (CVE2009-3229, CVE2009-3230, CVE2009-3231)

New exploits in this version:

- IBM Installation Manager iim URI Handling Code Execution exploit. (CVE2009-3519)
- HP LoadRunner XUpload ActiveX control file download exploit. (CVE2009-3693)
- Microsoft Office Art Property Table Memory Corruption exploit. (CVE 2009-2528)
- Adobe Reader FlateDecode integer overflow exploit. (CVE 2009-3459)


COMPLIANCE MANDATES

Vulnerability Management : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2
Vulnerability Scanner : PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

POSTSCRIPTUM

Download trial


RELATED ARTICLES

Exploitation, Saint, Vulnerability Management, Vulnerability Scanner,

24 January 2010 : SAINT® 7.2.5 Released
14 January 2010 : Saint Vulnerability Scanner v7.2.4 released
26 December 2009 : SAINT® v7.2.3 updates - now SCAP support -
23 December 2009 : SAINT v7.2.2 released
26 November 2009 : SAINT v7.2.1 released