SAINT v7.2.2 released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save.

JPEG - 31.3 kb

Version 7.2.2 (12/09/2009)

New features in this version:

  • OVAL reporting
    • View/Download results of OVAL scans in the OVAL system characteristics and results schema format.
  • New Ubuntu package version
    • Easy point-and-click installation on Ubuntu
    • Automatic resolution of dependencies
  • Custom tutorials
    • Easily edit SAINT’s tutorials through the GUI

New vulnerability checks in version 7.2.2:

  • Cumulative security update for Internet Explorer (MS09-072) (CVE 2009-2493 CVE 2009-3671 etc.)
  • WordPad and Office Text Converters Remote Code Execution Vulnerability. (MS09-073) (CVE 2009-2506)
  • MySQL Multiple Vulnerabilities fixed in 5.1.41. (CVE 2009-4019 CVE 2009-4030 and etc.)
  • LSASS IPSEC DoS (MS09-069) (CVE 2009-3675)
  • Active Directory Federation Services vulnerability (MS09-070) (CVE 2009-2508 CVE 2009-2509)
  • Windows Internet Authentication Service vulnerabilities (MS09-071). (CVE 2009-2505 CVE 2009-3677)
  • Microsoft Project vulnerability. (MS09-074) (CVE 2009-0102)
  • Mac OS X Security Update 2009-006.(CVE 2009-2818 CVE 2009-2819 and etc.)
  • HP OpenView Network Node Manager ’ovdbrun.exe’ Denial of Service Vulnerability. (CVE 2009-3840)
  • Apple CUPS cupsdDoSelect Remote Code Execution. (CVE 2009-3553)
  • MaxWebPortal SQL injection vulnerability (CVE 2009-3436)
  • nginx ’ngx_http_process_request_headers()’ Remote Buffer Overflow Vulnerability. (CVE 2009-3896)
  • OpenLDAP X.509 Certificate NULL Character Certificate Validation Security Bypass Vulnerability. (CVE 2009-3767)
  • Novell eDirectory NULL Base DN Denial Of Service Vulnerability. (CVE 2009-3862)
  • BlackBerry Lotus Notes Intellisync ActiveX control Vulnerability. (CVE 2009-0306)
  • Linux Kernel ’pipe.c’ Local Privilege Escalation Vulnerability. (CVE 2009-3547)
  • 3Com OfficeConnect default accounts Vulnerability. (BID36722)
  • Mac OS cross-site tracing Vulnerability. (CVE 2009-2823)
  • HP Operations Manager Server Unauthorized File Upload. (CVE 2009-3843)
  • Snitz Forums 2000 v3.4.07 Vulnerability. (BID36710)
  • Apache Tomcat Windows Installer Insecure Password Vulnerability. (CVE 2009-3548)
  • Asterisk SIP Response Username Enumeration Remote Information Disclosure Vulnerability. (CVE 2009-3727)
  • Cookies without HTTPOnly attribute accessible by scripts. (CVE 2009-3566)
  • XM Easy Personal FTP Server File/Folder Remote Denial of Service Vulnerability. (CVE 2009-4108)
  • XOOPS Multiple Unspecified Vulnerabilities. (CVE 2009-3963)
  • XOOPS Profile Activation Security Bypass Vulnerability. (BID37028)
  • F-Secure Products PDF Files Scan Evasion Vulnerability. (BID36876)
  • Digium Asterisk RTP Comfort Noise Frame Processing Denial of Service. (CVE 2009-4055)

New exploits in this version:

  • Mac OS X support for Microsoft JIT Escape function exploit. (CVE 2009-2477)
  • Sun Java Runtime Environment AWT setDiffICM exploit. (CVE 2009-3869)
  • Symantec Altiris AeXNSConsoleUtilties RunCmd exploit. (CVE 2009-3033)
  • Linux support for Novell eDirectory DHost modules exploit
  • VideoLAN VLC Media Player MP4_BoxDumpStructure Buffer Overflow exploit. (BID 36439)

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Penetration testing & Ethical Hacking
Vulnerability Management
Vulnerability Scanner