SAINT v7.2.6 released

In: Penetration testing & Ethical Hacking , Saint , Vulnerability Scanner

16 February 2010

SAINT is the Security Administratorâ€™s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTâ€™s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save.

Version 7.2.6

New features in this version:

SAINTManager:
- Added audit log entry for deleting scheduled scans.
- Added scheduling, recovery, and SAINTmanager support for OVAL scans.
SAINTWriter:
- Ability to list CVSS score per CVE (HTML, FRAMELESS, TAB and PDF formats)
- Ability to search by reference ID’s (MS #, CERT #, etc.) in custom scan level setup.

New vulnerability checks in version 7.2.6:

Microsoft Office remote code excution vulnerability (MS10-003). (CVE 2010-0243)
Microsoft Office Powerpoint remote code execution vulnerability (MS10-004). (CVE 2010-0029, CVE 2010-0030, CVE 2010-0031, CVE 2010-0032, CVE 2010-0033, CVE 2010-0034)
Microsoft Paint Integer Overflow vulnerability (MS10-005). (CVE 2010-0028)
Microsoft SMB Client Remote Code Execution vulnerabilities (MS10-006). (CVE 2010-0016, CVE 2010-0017)
Windows Shell Handler vulnerability (MS10-007). (CVE 2010-0027)
Microsoft Data Analyzer ActiveX Kill Bits (MS10-008). (CVE 2010-0252)
TCP/IP driver vulnerabilities (MS10-009). (CVE 2010-0239, CVE 2010-0240, etc.)
Microsoft Hyper-V Server Denial of Service Vulnerability (MS10-010). (CVE 2010-0026)
Microsoft CSRSS Elevation of Privilege vulnerability (MS10-011). (CVE 2010-0023)
SMB Server Service vulnerabilities (MS10-012). (CVE 2010-0020, CVE 2010-0021, etc.)
Windows DirectShow AVI buffer overflow (MS10-013). (CVE 2010-0250)
Windows Kerberos denial-of-service vulnerability (MS10-014). (CVE 2010-0035)
Elevation of Privilege Vulnerabilities in Windows Kernel (MS10-015). (CVE 2010-0232 CVE 2010-0233)
MIT Kerberos AES and RC4 Decryption Integer Underflow Vulnerabilities. (CVE 2009-4212)
multiple vulnerabilities in Microsoft Windows Flash Player 6. (SA27105)
Multiple Vulnerabilities fixed in PowerDNS Recursor 3.1.7.2. (CVE 2009-4009 CVE 2009-4010)
MySQL 5.0.51a Unspecified Remote Code Execution Vulnerability. (CVE 2009-4484)
nginx Terminal Escape Sequence in Logs Command Injection vulnerability. (CVE 2009-4487)
Cherokee Terminal Escape Sequence in Logs Command Injection Vulnerability. (CVE 2009-4489)
Sun Java System Directory Server ’core_get_proxyauth_dn’ Denial of Service Vulnerability.(CVE 2010-0313)
RealNetworks RealPlayer ".rm" File Malformed URI Remote Denial of Service vulnerability. (BID37704)
Acme thttpd Terminal Escape Sequence in Logs Command Injection Vulnerability. (CVE 2009-4491)
HP Power Manager formExportDataLogs Buffer Overflow.(CVE 2009-3999)
Drupal 6.15 Multiple HTML Injection Vulnerabilities. (BID37676)
eStore SQL injection vulnerability. (BID37525)
Adobe Illustrator buffer overflow. (CVE 2009-3952)
HP Power Manager formExportDataLogs Directory Traversal.(CVE 2009-4000)
Adobe Reader and Acrobat 9.2 Multiple Vulnerabilities. (CVE 2009-3953 CVE 2009-3954 and etc.)
Linux Kernel ’print_fatal_signal()’ Local Information Disclosure Vulnerability. (CVE 2010-0003)
Linux Kernel ’ebtables’ Security Bypass Vulnerability. (CVE 2010-0007)
Multiple Vulnerabilities fixed in Adobe Shockwave Player 11.5.6.606. (CVE 2009-4002 CVE 2009-4003)
Mac OS X Security Update 2010-001.(CVE 2010-0036 CVE 2010-0037 and etc.)
WebLogic Server Node Manager Command Execution vulnerability. (BID37926)
vBulletin ’misc.php’ SQL Injection Vulnerability.(BID37854)
SurgeFTP ’surgeftpmgr.cgi’ Multiple Cross Site Scripting Vulnerabilities.(BID37844)
Vulnerabilities fixed in phpMyAdmin 2.11.10. (CVE 2008-7251 CVE 2008-7252 CVE 2009-4605)
Multiple Remote Vulnerabilities in WebLogic Server. (CVE 2010-0068 CVE 2010-0069 CVE 2010-0074 CVE 2010-0078)
ISC BIND 9 DNSSEC Bogus NXDOMAIN Response Remote Cache Poisoning Vulnerability. (CVE 2010-0097)
IBM DB2 SQL REPEAT Buffer Overflow Vulnerability. (BID37976)
OpenOffice ’.csv’ File Remote Denial of Service Vulnerability. (BID37807)
XOOPS Cross Site Scripting and SQL Injection Vulnerabilities. (SA37920)
HP OpenView Network Node Manager nnmRptConfig.exe Buffer Overflow. (CVE 2009-3848)
HP OpenView Network Node Manager snmp.exe Buffer Overflow. (CVE 2009-3849)
SAP MaxDB Unspecified Information Disclosure and Denial of Service Vulnerabilities. (BID37766)
PHPCart Cross Site Scripting Vulnerability. (BID37567)
MercuryBoard Cross Site Scripting Vulnerability (BID37605)
Sun Java System Web Server Admin Server Denial of Service Vulnerability. (BID37909)
Microsoft Internet Explorer Security Zone Bypass. (CVE 2010-0255)
Multiple RealNetworks Products Multiple Remote Vulnerabilities. (CVE 2009-4241 CVE 2009-4242 and etc.)
Adobe Flash Media Server arbitrary DLL loading vulnerability (CVE 2009-1365)
Adobe Flash Media Server remote Action Script and Dos vulnerabilities (CVE 2009-3791 CVE 2009-3792)
BigAnt USV Request Buffer Overflow (BID37520)
Cisco WebEx WRF Player buffer overflow in atrpui.dll(CVE 2009-2880)
Unbound DNS NSEC3 Signature Verification DNS Spoofing Vulnerability (CVE 2009-3602)
httpdx Remote Source Code Disclosure (SA36734)
web server default web pages
OpenOffice ’.slk’ File NULL Pointer Dereference Remote Denial of Service Vulnerability. (BID37857)
Adobe Flash Player SWF File Denial of Service Vulnerability. (BID37850)
VLC Media Player ASS File Buffer Overflow Vulnerability. (CVE 2010-0364)
Ruby malformed HTTP request vulnerability. (CVE 2009-4492)
Linux Kernel ’fasync_helper()’ Local Privilege Escalation Vulnerability. (CVE 2009-4141)
Linux Kernel ’ipv6_hop_jumbo()’ Remote Denial of Service Vulnerability. (CVE 2010-0006)

New exploits in this version:

HP Power Manager formExportDataLogs exploit. (CVE 2009-3999)
Novell iPrint Client ienipp.ocx persistence parameter parsing buffer overflow exploit. (CVE 2009-1569)
PHP remote file inclusion exploit
HP Openview Storage Data Protector buffer overflow exploit
Sun Java System Web Server WebDAV OPTIONS request exploit. (CVE 2010-0361)
BigAnt Messenger Server USV Command Buffer Overflow exploit. (BID 37520)

Post scriptum

Download SAINT v7.2.6 released

Compliance Mandates

Penetration testing & Ethical Hacking :
PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Scanner :
PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Penetration testing & Ethical Hacking	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : DAVTest v1.0 - WebDAV Application 25 April 2010 : (Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo) 25 April 2010 : SIP Inspector v1.10 released 15 April 2010 : Ubuntu Pentest Edition v2.03 released
Saint	15 April 2010 : SAINTÂ® 7.3.3 Released 9 April 2010 : SARA-7.9.2a the final version released 1 April 2010 : SAINTÂ® v7.3.2 Released 16 March 2010 : Saint Vulnerability Scanner v7.3 on the wild 27 February 2010 : Saint Vulnerability Scanner and Exploiter v7.2.7 released
Vulnerability Scanner	12 May 2010 : Complemento v0.7.6 - Collection of Tools 26 April 2010 : Acunetix WVS v6.5 build 20100419 released 22 April 2010 : OpenSCAP v0.5.9 released 20 April 2010 : Sandcat v4.0 released 15 April 2010 : Nessus v4.2.2 released

SAINT v7.2.6 released

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU