SAINT v7.2.1 released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save.

JPEG - 31.3 kb

New vulnerability checks in version 7.2.1:

  • Sun Java Updates - November 2009. (CVE2009-3728 CVE 2009-3729 and etc.)
  • IBM Tivoli Storage Manager Client CAD Service Buffer Overflow.(CVE2009-3853)
  • Multiple Vulnerabilities fixed in Safari 4.0.4. (CVE2009-2414CVE2009-2416 and etc)
  • Avast Antivirus Local Privilege Escalation Vulnerability. (CVE2009-4049)
  • Linux Kernel eCryptfs Lower Dentry Null Pointer Dereference Local Denial of Service Vulnerability. (CVE2009-2908)
  • Linux Kernel ’net/ax25/af_ax25.c’ Local Denial of Service Vulnerability. (CVE2009-2909)
  • Pidgin OSCAR Plugin Invalid Memory Access Denial Of Service Vulnerability. (CVE2009-3615)
  • phpMyAdmin SQL Injection and Cross Site Scripting Vulnerabilities. (CVE2009-3696CVE2009-3697)
  • CUPS "pdftops" Two Integer Overflow Vulnerabilities. (CVE2009-3608CVE2009-3609)
  • Linux Kernel ’unix_stream_connect()’ Local Denial of Service Vulnerability. (CVE2009-3621)
  • Opera Web Browser prior to 10.01 Multiple Security Vulnerabilities. (CVE2009-3831CVE2009-3832)
  • IBM AIX cmsd vulnerability (CVE2009-3699)
  • Bftpd Unspecified Remote Denial of Service Vulnerability.(BID36820)
  • AOL AIM ’sipXtapi.dll’ Multiple Buffer Overflow Vulnerabilities.(BID36849)
  • Solaris Apache remote DoS vulnerability (CVE2009-2699)
  • NaviCOPA remote source code disclosure vulnerability (CVE2009-3646)
  • VMware Products Page Fault Exception Local Privilege Escalation Vulnerability.(CVE2009-2267)
  • VMware Products Directory Traversal Vulnerability.(CVE2009-3733)
  • Perl UTF-8 Regular Expression Processing Remote Denial of Service Vulnerability. (CVE2009-3626)
  • Rhino Software Serv-U Web Client HTTP Request Remote Buffer Overflow. (BID36895)
  • Asterisk Missing ACL Check Remote Security Bypass Vulnerability. (BID36821)
  • Pegasus 4.51 POP3 ERR Code buffer overflow (CVE2009-3838)
  • ConsoleUtilities ActiveX control vulnerability (CVE2009-3031)
  • Wireshark 1.2.2 and 1.0.9 Multiple Vulnerabilities.(CVE2009-3549CVE2009-3550CVE2009-3551)
  • vulnerable XM FTP version (BID37008, BID37016)
  • Kaspersky Antivirus Privilege elevation (BID37044)
  • Cisco IOS DLSw denial of service. (CVE2007-0199)
  • Cisco IOS RADIUS authentication bypass. (CVE2005-2105)
  • TYPSoft FTP Server ’APPE’ and ’DELE’ Commands Remote DoS Vulnerabilities
  • Serv-U TEA Decoding Buffer Overflow. (CVE2009-4006)
  • YahooBridgeLib ActiveX Control Remote Denial of Service Vulnerability. (BID37007)
  • HTTPSTK buffer overflow (FSC20091117-04)
  • PHP security bypass and DoS vulnerabilities (BID37032, BID37079)

New exploits in this version:

  • Oracle Document Capture EasyMail IMAP4 ActiveX control exploit
  • IBM Tivoli Storage Manager Client CAD Service Buffer Overflow exploit. (CVE2009-3853)
  • Adobe Acrobat Reader U3D CLODMeshContinuation Code Execution exploit. (CVE2009-2997)
  • Novell eDirectory DHost HTTPSTK exploit

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Comments

Related Articles

Penetration testing & Ethical Hacking
Saint
Vulnerability Management
Vulnerability Scanner