Saint vulnerability scanner v6.7.3 released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New vulnerability checks in version 6.7.3:

  • Active Directory and ADAM denial of service vulnerability (MS08-003)
  • Windows Vista TCP/IP denial of service (MS08-004)
  • IIS file update notification privilege elevation vulnerability (MS08-005)
  • IIS ASP remote code execution (MS08-006)
  • WebDAV Mini-Redirector remote code execution (MS08-007)
  • OLE Automation heap overrun overflow (MS08-008)
  • Microsoft Word memory corruption vulnerability (MS08-009)
  • Internet Explorer vulnerabilities (MS08-010)
  • Microsoft Works converter arbitrary code execution (MS08-011)
  • Microsoft Office Publisher Arbitrary Code Execution vulnerabilities (MS08-012)
  • Microsoft Office VBA Arbitrary Code Execution vulnerability (MS08-013)
  • Mac OS X 10.5.2 and Security Update 2008-001
  • QuickTime vulnerabilities
  • Skype cross-zone scripting remote code execution vulnerability
  • MiniWeb HTTP server directory traversal
  • Lycos File Upload ActiveX Control buffer overflow
  • Firebird database overlong username buffer overflow
  • CandyPress SQL injection
  • HP Virtual Rooms Install ActiveX Control vulnerability
  • Comodo Antivirus ActiveX Control Arbitrary cmd execution
  • multiple vulnerabilities fixed in X.Org X11 R7.3 X server 1.4.1
  • OpenBSD BGPD cross-site scripting (/cgi-bin/bgplg)
  • WordPress Adserve plugin SQL injection (adclick.php)
  • SQLiteManager remote file include (confirm.php)
  • Joomla Glossary component SQL injection
  • BIND inet_network() Off-by-One Buffer Overflow
  • ELOG cross-site scripting and denial of service vulnerabilities
  • YahooJukebox ActiveX vulnerabilities
  • Titan FTP Server buffer overflow
  • eLynx Swiftview buffer overflow vulnerability
  • Irfanview FlashPix memory corruption vulnerability
  • Firebird XDR Protocol denial of service
  • UltraVNC VNCViewer buffer overflow
  • multiple HTTP File Server (HFS) vulnerabilities
  • Mantis ‘Most Active bugs’ Summary cross-site scripting vulnerability
  • Symantec Backup Exec System Recovery Manager file upload vulnerability
  • YaBB SE Cookie security bypass vulnerability
  • local file include vulnerability in phpCMS
  • multiple Mozilla Firefox vulnerabilities
  • multiple Mozilla SeaMonkey vulnerabilities
  • multiple Mozilla Thunderbird vulnerabilities
  • IBM DB2 memory corruption vulnerability
  • Adobe PDF Javascript buffer overflow vulnerability

New exploits in this version:

  • Lotus Notes MIF attachment viewer exploit
  • Oracle Database XDB PITRIG_TRUNCATE exploit
  • Winamp Ultravox streaming metadata exploit
  • Firebird username buffer overflow exploit
  • Yahoo! Music Jukebox exploit

Post scriptum

  • Download: http://download.saintcorporation.com/downloads/saintbasic-6.7.3tar.gz

Compliance Mandates

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

