SAINT® 6.7.11 Released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

New vulnerability checks in version 6.7.11:

  • Bluetooth Windows stack overflow remote code execution vulnerability (MS08-030) (CVE2008-1453)
  • cumulative Internet Explorer vulnerability (MS08-031) (CVE2008-1442CVE2008-1544)
  • Cumulative Security Update of ActiveX Kill Bits (MS08-032) (CVE2007-0675)
  • Windows DirectX SAMI-MJPEG remote code execution (MS08-033) (CVE2008-0011CVE2008-1444)
  • WINS local privilege elevation vulnerability (MS08-034) (CVE2008-1451)
  • Active Directory Denial of Service vulnerability (MS08-035) (CVE2008-1445)
  • PGM Denial of Service vulnerabilities (MS08-036) (CVE2008-1440CVE2008-1441)
  • Quicktime vulnerabilities (CVE2008-1581CVE2008-1582CVE2008-1583CVE2008-1584CVE2008-1585)
  • Campus Bulletin Board Cross-Site Scripting Vulnerability (CVE2008-2493)
  • IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow(CVE2008-2499)
  • Cerulean Studios Trillian Multiple Vulnerabilities(CVE2008-2407CVE2008-2408CVE2008-2409)
  • Xerox WorkCentre Xerox Security Bulletin XRX08_001 (CVE2007-2446CVE2007-2447)
  • Apple Safari and Microsoft Windows Client-side Code Execution Vulnerability (CVE2008-2540)
  • HTTPS cookies without secure attribute vulnerability (CVE2004-0462)
  • Alt-N Technologies SecurityGateway username Buffer Overflow
  • Lenovo System Update SSL Certificate Validation Security Bypass
  • OpenSSL Multiple Denial of Service Vulnerabilities (CVE2008-0891CVE2008-1672)
  • CA eTrust Secure Content Manager FTP Gateway LIST Command Buffer Overflow (CVE2008-2541)
  • prefilled authentication credentials
  • Snort vulnerability (CVE2008-1804)

New exploits in this version:

  • IBM Lotus Sametime Community Services Multiplexer exploit (CVE2008-2499)
  • CA ARCserve Backup caloggerd exploit (CVE2008-2242)
  • Lotus Notes Applix Graphics viewer exploit (CVE2007-5405)

New SAINTWriter features in version 6.7.11:

  • Ability to list number of exploits available in Host Table for SAINT scanner.
  • Additional information available for scanned hosts: Web Directories, CGI pages and default arguments, and the remote extensions handled by the remote ASP.NET server.

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Penetration testing & Ethical Hacking
Saint
Vulnerability Management
Vulnerability Scanner