SAINT® 7.2 Released : Now OVAL compatible.

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save

New features in version 7.2:

  • Compatibility with Open Vulnerability and Assessment Language (OVAL)
  • Import existing OVAL vulnerability checks into SAINT
  • Support for Windows registry and file attribute checks
  • Form-based web application authentication
  • Log into your web application during scan set-up
  • Uncover additional web pages and vulnerabilities
  • Option to delete SAINT Scan Status File (status_file) from administrative pull-down menu.
  • Option to display text in a warning box on the login page by changing the configuration file ( This option is not available from the GUI.
JPEG - 31.3 kb

New vulnerability checks in version 7.2:

  • HP Power Manager Remote Code Execution.(CVE2009-2685)
  • WSDAPI remote code execution vulnerability (MS09-063)(CVE2009-2512)
  • Windows 2000 License Logging Server vulnerability (MS09-064) (CVE2009-2523)
  • Windows kernel embedded font vulnerabilities (MS09-065) (CVE2009-1127CVE2009-2513CVE2009-2514)
  • Active Directory DOS vulnerability (MS09-066) (CVE2009-1928)
  • Remote Code Execution Vulnerabilities in Microsoft Excel (MS09-067) (CVE2009-3127CVE2009-3128 and etc.)
  • MS Office Word remote code execution vulnerability (MS09-068) (CVE2009-3135)
  • Novell eDirectory dhost Buffer Overflow.(BID36815)
  • BakBone NetVault denial-of-service vulnerability. (CVE2009-3448)
  • Cisco Unified Communications Manager SIP Message Denial of Service Vulnerability. (CVE2009-2864)
  • bufferover flow in arclib.dll for Multiple CA products (CVE2009-3587CVE2009-3588)
  • avast! Home and Professional Multiple Vulnerabilities fixed in 4.8.1356. (CVE2009-3522CVE2009-3523CVE2009-3524)
  • IBM DB2 Universal Database Prior to 9.1 FP8 Multiple Vulnerabilities. (CVE2009-3471CVE2009-3472CVE2009-3473)
  • Shockwave SwDir.dll Denial-of-Service (CVE2009-3244)
  • GroupWise webacc XSS vulnerability (CVE2009-1762)
  • Multiple Vulnerabilities fixed in Firefox 3.0.15 and 3.5.4 and SeaMonkey 2.0.(CVE2009-3381CVE2009-3382 and etc.)
  • Code-Crafters Ability Mail Server IMAP FETCH Request Remote Denial Of Service Vulnerability.(CVE2009-3445)
  • Linux Kernel KVM ’kvm_emulate_hypercall()’ Local Denial of Service Vulnerability. (CVE2009-3290)
  • Samba setuid ’mount.cifs’ Verbose Option Information Disclosure Vulnerability. (CVE 2009-2948)
  • multiple Restriction Bypass vulnerabilities in PHP 5.2.11 and 5.3.0.(BID36554 and BID36555)
  • Adobe Reader and Acrobat 9.1.3 Multiple Vulnerabilities. (CVE2009-2994CVE2009-2995 and etc.)
  • Lotus Connections XSS vulnerability (CVE2009-3469)
  • Junos JWeb XSS vulnerability (CVE2009-3485)
  • Novell eDirectory ’dconserv.dlm’ Cross-Site Scripting Vulnerability.(BID36567)
  • Serv-U ’SITE SET TRANSFERPROGRESS ON’ Command Remote Denial of Service Vulnerability. (CVE2009-3655)
  • Google Apps remote command injection vulnerability
  • Skype "Unspecified Vulnerability"
  • Wireshark ERF File Remote Code Execution Vulnerability.(CVE2009-3829)
  • IBM Installation Manager remote library injection vulnerability (CVE2009-3518)
  • VMware Player and Workstation ’vmware-authd’ Remote Denial of Service Vulnerability.(CVE2009-3707)
  • vBulletin ’Home Page’ Field HTML Injection Vulnerability.(BID36643)

New exploits in this version:

  • Mac OS X support for QuickTime RTSP Content-type exploit. (CVE2007-6166)
  • Novell eDirectory DHost buffer overflow exploit
  • Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow exploit. (CVE2009-3031)
  • Java Runtime Environment HsbParser.getSoundBank Stack Buffer Overflow exploit
  • HP Power Manager Remote Code Execution exploit. (CVE2009-2685)
  • Serv-U Web Client session cookie handling buffer overflow exploit. (BID 36895)

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Penetration testing & Ethical Hacking
Vulnerability Management
Vulnerability Scanner