SAINT scanner 6.10.5 available

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.10.5:

  • Oracle Critical Patch Update Advisory - April 2009. (CVE 2009-0985, CVE 2009-0988 and others)
  • Linux Kernel CIFS Remote Buffer Overflow Vulnerability. (CVE 2009-1439)
  • IBM Lotus Domino IMAP Server Remote Denial of Service Vulnerability. (CVE 2009-1286)
  • Squid Proxy Cache ICAP Adaptation Denial of Service Vulnerability. (BID34277)
  • Opera XML Parser Remote Denial of Service Vulnerability. (CVE 2009-1234)
  • SAP MaxDB ’webdbm’ Multiple Cross Site Scripting Vulnerabilities. (BID34319)
  • phpMyAdmin ’setup.php’ PHP Code Injection Vulnerability. (CVE 2009-1151)
  • VMware Hosted Products VMSA-2009-0005 Multiple Remote Vulnerabilities. (CVE 2008-4916, CVE 2009-0908 and others)
  • ClamAV Prior to 0.95.1 Multiple Remote Denial of Service Vulnerabilities. (BID34446)
  • IBM WebSphere Application Server Username Token Option Session Hijacking Vulnerability. (CVE 2009-0891)
  • ClamAV RAR File Scan Evasion Vulnerability. (CVE 2009-1241)
  • Asterisk Authentication SIP Response Remote Information Disclosure Vulnerability. (CVE 2008-3903)
  • ClamAV Multiple Remote Denial of Service Vulnerabilities. (CVE 2008-6680 CVE 2009-1270)
  • Apache Tomcat mod_jk Content Length Information Disclosure Vulnerability. (CVE 2008-5519)
  • MIT Kerberos SPNEGO and ASN.1 Multiple Remote Denial Of Service Vulnerabilities. (CVE 2009-0844 CVE 2009-0847)
  • Apache mod_perl ’Apache::Status’ and ’Apache2::Status’ Cross Site Scripting Vulnerability. (CVE 2009-0796)
  • IBM WebSphere Application Server File Permission Vulnerability. (CVE 2009-1173)
  • Wireshark Prior to 1.0.7 Multiple Denial Of Service Vulnerabilities. (CVE 2009-1267 CVE 2009-1268 CVE 2009-1269)
  • VMware Multiple Hosted Products Display Function Code Execution Vulnerability. (CVE 2009-1244)
  • PHP cURL ’safe_mode’ and ’open_basedir’ Restriction-Bypass Vulnerability. (BID34475)
  • PGP Desktop "pgpdisk.sys" Local Denial of Service. (CVE 2009-0681)

New exploits in this version:

  • WordPad Word 97 text converter exploit. (CVE 2008-4841)
  • Microsoft PowerPoint invalid object reference exploit. (CVE 2009-0556)
  • Microsoft Excel SST code execution exploit. (CVE 2009-0238)
  • WordPad Word97 text converter exploit. (CVE 2009-0235)

Post scriptum

Compliance Mandates

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

