Saint 6.8 released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

New vulnerability checks in version 6.8:

  • Microsoft Word Remote Code Execution vulnerability (MS08-042). (CVE 2008-2244)
  • Microsoft Excel Remote Code Execution vulnerabilities (MS08-043). (CVE 2008-3003 CVE 2008-3004 and etc.)
  • Microsoft Office Filters Remote Code Execution vulnerability. (MS08-044) (CVE 2008-3018 CVE 2008-3019 and etc.)
  • cumulative Internet Explorer vulnerability. (MS08-045) (CVE 2008-2255 CVE 2008-2256 and etc.)
  • MS Image Color Mgmt vulnerability. (MS08-046) (CVE 2008-2245)
  • windows IPsec vulnerability in windows 2008/vista. (MS08-047) (CVE 2008-2246)
  • MHTML protocol handler in Microsoft Outlook and Windows Mail. (MS08-048) (CVE 2008-1448)
  • Windows event system vulnerabilities (MS08-049)
  • Windows Messenger UIAutomation ActiveX control vulnerability (MS08-050)
  • Microsoft PowerPoint vulnerabilities (MS08-051)
  • RealNetworks RealPlayer ActiveX Import Method Buffer Overflow. (CVE 2008-3066)
  • Debian OpenSSH SELinux Privilege Escalation. (CVE 2008-3234)
  • Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow
  • Black Ice Annotation SDK BiAnno Control Buffer Overflow. (CVE 2008-2745)
  • multiple drupal vulnerabilities
  • Dokeos vulnerability in versions up to and including 1.8.5
  • RealNetworks Update Advisory - July 2008. (CVE 2007-5400 CVE 2008-1309 CVE 2008-3064)
  • Digium Asterisk IAX2 Request Denial of Service. (CVE 2008-3263 CVE 2008-3264)
  • CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow. (CVE 2008-3175)
  • Sophos Antivirus denial of service vulnerability
  • Cisco IOS DNS cache poisoning vulnerability. (CVE 2008-1447)
  • CyberLink PowerDVD PlayList File Handling Stack Overflow
  • sftpd FTP Server Pluggable Authentication Module Remote Denial of Service. (CVE 2008-2375)
  • GNOME Project libxslt Library RC4 Key String Buffer Overflow. (CVE 2008-2935)
  • OpenSSH X11UseLocalhost X11 Forwarding Session Hijacking Vulnerability. (CVE 2008-3259)
  • Apache HTTP Server mod_proxy_ftp Wildcard Characters Cross-Site Scripting. (CVE 2008-2939)
  • possible storage of sensitive information on hard drives
  • @Mail Multiple Local Information Disclosure Vulnerabilities. (CVE 2008-3395)
  • multiple cross-site scripting vulnerabilities in Claroline
  • vulnerability in phpScheduleIt versions 1.2.0 through 1.2.9
  • unrestricted file upload vulnerability in PhotoPost vBGallery
  • Cisco Webex Meeting Manager atucfobj ActiveX Control Buffer Overflow. (CVE 2008-3558)
  • vulnerable AuraCMS versions 2.2 - 2.2.2. (CVE 2008-3203)
  • Axesstel modem authentication bypass vulnerability. (CVE 2008-3411)
  • CoolPlayer Playlist File Handling Buffer Overflow. (CVE 2008-3408)

New exploits in this version:

  • Apache Tomcat JK Web Connector exploit. (CVE 2007-0774)
  • RealPlayer rjbdll.dll ActiveX exploit. (CVE 2008-3066)
  • Trend Micro OfficeScan objRemoveCtrl ActiveX exploit. (CVE 2008-3364)
  • CA ARCserve for Laptops and Desktops handshake exploit. (CVE 2008-3175)
  • CoolPlayer m3u playlist exploit. (CVE 2008-3408)
  • Internet Explorer print preview exploit. (CVE 2008-2259)

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Vulnerability Management
Vulnerability Scanner