SAINT® 7.1.5 Released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save

New features in version 7.1.5:

  • HTTP Basic authentication
  • Scan for vulnerabilities in password-protected web directories.
  • Reporting of results from exploit tools
  • See results of click logger, phishing tool, and other tools in SAINTwriter.
JPEG - 31.3 kb

New vulnerability checks in version 7.1.5:

  • Oracle Critical Patch Update Advisory - October 2009. (CVE2009-1979CVE2009-1992 and etc.)
  • HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download.(CVE2009-3693)
  • Cisco IOS software bundled advisory. (CVE2009-2862, etc.)
  • multiple vulnerabilities fixed in Wireshark 1.2.2.(CVE2009-3241CVE2009-3242CVE2009-3243)
  • Mozilla Bugzilla URL Password Information Disclosure Vulnerability. (CVE2009-3166)
  • Multiple Vulnerabilities fixed in Pidgin 2.6.1. (CVE2009-3025CVE2009-3026)
  • Cerberus FTP Server Long Command Remote Denial of Service Vulnerability. (BID36390)
  • VLC Media Player CUE File Buffer Overflow Vulnerability. (BID36403)
  • Cyrus IMAP local buffer overflow (BID36296)
  • Google Chrome prior to Multiple Security Vulnerabilities. (CVE2009-3263CVE2009-3264)
  • Opera Unspecified Security Bypass Vulnerability. (CVE2009-3265CVE2009-3266)
  • Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability. (CVE2009-2903)
  • Mozilla Bugzilla ’’ WebService Function SQL Injection Vulnerability. (CVE2009-3125)
  • Mozilla Bugzilla ’Bug.create()’ WebService Function SQL Injection Vulnerability. (CVE2009-3165)
  • nginx WebDAV Multiple Directory Traversal Vulnerabilities. (BID36490)
  • Arbitrary File Read and Directory Traversal in DWebPro (BID34721)
  • Apple iTunes ’.pls’ File Buffer Overflow Vulnerability. (CVE2009-2817)
  • PHP Multiple Vulnerabilities fixed in 5.2.11.(CVE2009-3291CVE2009-3292CVE2009-3293)
  • nginx Proxy DNS Cache Domain Spoofing Vulnerability. (BID36438)
  • Drupal Arbitrary File Upload and Session Fixation Vulnerabilities. (BID36431)
  • INFORMIX IDS remote Denial-of-Service vulnerability (CVE2009-3470)
  • IBM WebSphere Application Server Vulnerabilities fixed in (CVE2009-2742CVE2009-2743CVE2009-2744)
  • Linux Kernel ’find_ie()’ Function Remote Denial of Service Vulnerability. (CVE2009-3280)
  • Linux kernel ’O_EXCL’ NFSv4 Privilege Escalation Vulnerability. (CVE2009-3286)
  • Linux Kernel ’perf_counter_open()’ Local Buffer Overflow Vulnerability. (CVE2009-3234)
  • DNS servers supporting recursive queries
  • Google Chrome ’dtoa()’ Remote Code Execution Vulnerability. (CVE2009-0689)
  • multiple PostgreSQL vulnerabilities (CVE2009-3229, CVE2009-3230, CVE2009-3231)

New exploits in this version:

  • IBM Installation Manager iim URI Handling Code Execution exploit. (CVE2009-3519)
  • HP LoadRunner XUpload ActiveX control file download exploit. (CVE2009-3693)
  • Microsoft Office Art Property Table Memory Corruption exploit. (CVE 2009-2528)
  • Adobe Reader FlateDecode integer overflow exploit. (CVE 2009-3459)

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Related Articles

Vulnerability Management
Vulnerability Scanner