SAINT® 7.1.5 Released
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save
New features in version 7.1.5:
- HTTP Basic authentication
  - Scan for vulnerabilities in password-protected web directories.
- Reporting of results from exploit tools
  - See results of click logger, phishing tool, and other tools in SAINTwriter.
New vulnerability checks in version 7.1.5:
- Oracle Critical Patch Update Advisory - October 2009. (CVE-2009-1979, CVE-2009-1992, etc.)
- HP LoadRunner XUpload.ocx ActiveX Control Arbitrary File Download. (CVE-2009-3693)
- Cisco IOS software bundled advisory. (CVE-2009-2862, etc.)
- Multiple vulnerabilities fixed in Wireshark 1.2.2. (CVE-2009-3241, CVE-2009-3242, CVE-2009-3243)
- Mozilla Bugzilla URL Password Information Disclosure Vulnerability. (CVE-2009-3166)
- Multiple Vulnerabilities fixed in Pidgin 2.6.1. (CVE-2009-3025, CVE-2009-3026)
- Cerberus FTP Server Long Command Remote Denial of Service Vulnerability. (BID 36390)
- VLC Media Player CUE File Buffer Overflow Vulnerability. (BID 36403)
- Cyrus IMAP local buffer overflow (BID 36296)
- Google Chrome prior to 3.0.195.21 Multiple Security Vulnerabilities. (CVE-2009-3263, CVE-2009-3264)
- Opera Unspecified Security Bypass Vulnerability. (CVE-2009-3265, CVE-2009-3266)
- Linux Kernel AppleTalk Driver IP Over DDP Remote Denial of Service Vulnerability. (CVE-2009-2903)
- Mozilla Bugzilla 'Bug.search()' WebService Function SQL Injection Vulnerability. (CVE-2009-3125)
- Mozilla Bugzilla 'Bug.create()' WebService Function SQL Injection Vulnerability. (CVE-2009-3165)
- nginx WebDAV Multiple Directory Traversal Vulnerabilities. (BID 36490)
- Arbitrary File Read and Directory Traversal in DWebPro (BID 34721)
- Apple iTunes '.pls' File Buffer Overflow Vulnerability. (CVE-2009-2817)
- PHP Multiple Vulnerabilities fixed in 5.2.11. (CVE-2009-3291, CVE-2009-3292, CVE-2009-3293)
- nginx Proxy DNS Cache Domain Spoofing Vulnerability. (BID 36438)
- Drupal Arbitrary File Upload and Session Fixation Vulnerabilities. (BID 36431)
- INFORMIX IDS remote Denial-of-Service vulnerability (CVE-2009-3470)
- IBM WebSphere Application Server Vulnerabilities fixed in 6.1.0.27. (CVE-2009-2742, CVE-2009-2743, CVE-2009-2744)
- Linux Kernel 'find_ie()' Function Remote Denial of Service Vulnerability. (CVE-2009-3280)
- Linux kernel 'O_EXCL' NFSv4 Privilege Escalation Vulnerability. (CVE-2009-3286)
- Linux Kernel 'perf_counter_open()' Local Buffer Overflow Vulnerability. (CVE-2009-3234)
- DNS servers supporting recursive queries
- Google Chrome 'dtoa()' Remote Code Execution Vulnerability. (CVE-2009-0689)
- Multiple PostgreSQL vulnerabilities (CVE-2009-3229, CVE-2009-3230, CVE-2009-3231)
New exploits in this version:
- IBM Installation Manager iim URI Handling Code Execution exploit. (CVE-2009-3519)
- HP LoadRunner XUpload ActiveX control file download exploit. (CVE-2009-3693)
- Microsoft Office Art Property Table Memory Corruption exploit. (CVE-2009-2528)
- Adobe Reader FlateDecode integer overflow exploit. (CVE-2009-3459)