SAINT® v7.2.3 updates - now SCAP support -

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save.

JPEG - 31.3 kb

Version 7.2.3

New features in this version:

  • OVAL reporting
  • Ability to import SCAP-expressed data streams.
  • Added diskspace counter and results deletion features.
  • Added support through the system characteristics and results schemas.

New vulnerability checks in version 7.2.3:

  • Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability. (CVE2009-4031)
  • Adobe Flash Player Multiple Vulnerabilities (APSB09-19). (CVE2009-3794CVE2009-3796 and etc.)
  • Novell eDirectory ’NDS Verb 0x1’ Request Heap Based Buffer Overflow Vulnerability. (CVE2009-0895)
  • EMC RepliStor rep_srv and ctrlservice Denial of Service. (CVE 2009-3744)
  • Multiple Vulnerabilities fixed in Adobe Shockwave Player 11.5.2.602. (CVE2009-3463CVE2009-3464 and etc.)
  • Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities. (CVE2009-3934)
  • MyBB Multiple vulnerabilities in 1.4.8. (BID36463)
  • WordPress Multiple Vulnerabilities. (CVE2009-3622CVE2009-3890CVE2009-3891 and BID37005)
  • Xerver HTTP Response Splitting Vulnerability. (CVE2009-4086)
  • Linux Kernel ’nfs4_proc_lock()’ Local Denial of Service Vulnerability. (CVE2009-3726)
  • Linux Kernel ’fput()’ NULL Pointer Dereference Local Denial of Service Vulnerabilty. (CVE2009-3888)
  • Home FTP Server 1.10.1.139 Multiple Security Vulnerabilities. (CVE2009-4051CVE2009-4053)
  • IBM WebSphere Application Server Administrative Console HTML Injection Vulnerability. (CVE2009-2747)
  • Opera Web Browser prior to 10.10 Multiple Security Vulnerabilities. (CVE2009-4071CVE2009-4072)
  • ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability. (CVE2009-4022)
  • Mozilla Firefox ’libpr0n’ GIF File Handling Denial of Service Vulnerability.(CVE2009-3978)
  • HP OpenView Network Node Manager ovalarm.exe Accept-Language Buffer Overflow. (CVE2009-4179)
  • Cisco VPN Client for Windows ’StartServiceCtrlDispatche’ Local Denial of Service Vulnerability. (CVE2009-4118)
  • Linux Kernel ’fuse_direct_io()’ Invalid Pointer Dereference Local Denial of Service Vulnerability. (CVE2009-4021)
  • Linux Kernel ’drivers/scsi/gdth.c’ Local Privilege Escalation Vulnerability. (CVE 2009-3080)
  • DotNetNuke Cross Site Scripting and Information Disclosure Vulnerabilities.(CVE2009-4109CVE2009-4110)
  • Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability. (BID37149)
  • PHP ’proc_open()’ ’safe_mode_protected_env_var’ Restriction-Bypass Vulnerability.(CVE2009-4018)
  • Invision Power Board Multiple SQL Injection Vulnerabilities. (CVE2009-3974)
  • Linux Kernel ’net/mac80211/’ Multiple Remote Denial of Service Vulnerabilities. (CVE2009-4026CVE2009-4027)
  • Linux Kernel ’drivers/char/n_tty.c’ NULL Pointer Dereference Denial of Service Vulnerability. (BID37147)
  • CA Service Desk Cross-Site Scripting Vulnerability. (CVE2009-4149)
  • Novell eDirectory ’/dhost/modules?I:’ Buffer Overflow Vulnerability. (BID37009)
  • Invision Power Board Local File Include and SQL Injection Vulnerability. (BID37208)
  • Invision Power Board MIME-Type Cross Site Scripting Vulnerabilities. (BID37263, BID37310)
  • VLC Media Player RTSP Remote Buffer Overflow Vulnerability. (BID37236)

New exploits in this version:

  • EasyMail SMTP ActiveX Control AddAttachment buffer overflow exploit. (BID 36440)
  • HP OpenView Network Node Manager ovalarm.exe Accept-Language exploit. (CVE2009-4179)
  • Adobe Reader media.newPlayer Use-After-Free Code Execution exploit. (CVE2009-4324)

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Penetration testing & Ethical Hacking
Saint
Vulnerability Management