SAINT® 7.2.5 Released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save.

New features in this version:

  • Automatically regenerates dynamic keys with the specified IP addresses.
  • Added new configuration settings to allow user to set SAINTexploit connectback address separately from $my_address.

New vulnerability checks in version 7.2.5:

  • Out-of-band cumulative security update for Internet Explorer (MS10-002) (CVE 2009-4074, etc.)
  • Oracle Secure Backup Remote Code Execution Vulnerability. (CVE 2010-0072)
  • Lotus Domino Web Access Multiple Cross-site Scripting vulnerabilities. (CVE 2010-0274 CVE 2010-0275 CVE 2010-0276)
  • Serv-U File Server User Directory Information Disclosure Vulnerability. (BID37414)
  • corehttp off-by-one overflow (CVE 2009-3586)
  • PHP ’htmlspecialcharacters()’ Malformed Multibyte Character Cross Site Scripting Vulnerability.(CVE 2009-4142)
  • multiple vulnerabilities fixed in Wireshark 1.2.5. (CVE 2009-4376 CVE 2009-4377 CVE 2009-4378)
  • Multiple vulnerabilities in Winamp version 5.56 and prior. (CVE 2009-3995 CVE 2009-3996 CVE 2009-3997)
  • Kaspersky Products ’Every One’ Group Insecure Permissions Local Privilege Escalation Vulnerability. (CVE 2009-4452)
  • MyBB ’myps.php’ Cross Site Scripting Vulnerability. (BID37464)
  • Linux Kernel ’fuse_ioctl_copy_user()’ Local Denial of Service Vulnerability. (CVE 2009-4410)
  • Novell iManager Importing/Exporting Schema Stack Buffer Overflow Vulnerability. (CVE 2009-4486)
  • Sun Java System Directory Server Multiple Remote Vulnerabilities.(CVE 2009-4440 CVE 2009-4441 and etc.)
  • vBulletin Spoof User Data Unspecified Input Validation Vulnerability.(BID37545)
  • phpLDAPadmin Directory Traversal Vulnerability. (CVE 2009-4427)
  • Libpurple MSN-SLP Emoticon Directory Traversal Vulnerability. (CVE 2010-0013)
  • ACDSee XMB Processing Buffer Overflow Vulnerability. (BID37685)
  • Linux Kernel RTL8169 NIC ’RxMaxSize’ Frame Size Remote Denial of Service Vulnerability. (CVE 2009-4537)
JPEG - 31.3 kb

New exploits in this version:

  • Internet Explorer use-after-free exploit. (CVE 2010-0249)
  • Adobe Illustrator EPS File DSC Comment Buffer Overflow exploit. (CVE 2009-4195)
  • ACD Systems ACDSee Products XBM File Handling Buffer Overflow exploit

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Related Articles

Penetration testing & Ethical Hacking
Vulnerability Scanner