SAINT® 7.3.3 Released

by

In: Saint , Vulnerability Management

15 April 2010

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New features in this version:

SAINTManager:

  • Added "modify exclusions" permission.

New vulnerability checks in version 7.3.3:

  • Microsoft SMB Client Remote Code Execution vulnerabilities (MS10-020). (CVE 2009-3676 CVE 2010-0269, etc.)
  • vulnerable windows kernel version (MS10-021) (CVE 2010-0234 CVE 2010-0235, etc.)
  • Oracle Critical Patch Update Advisory - April 2010. (CVE 2010-0866 CVE 2010-0867, etc.)
  • Windows Authenticode Signature Verification vulnerabilities (MS10-019). (CVE 2010-0486 CVE 2010-0487)
  • Windows VB Script help file remote code execution vulnerability (MS10-022). (CVE 2010-0483)
  • MS Office Publisher vulnerability fixed by (MS10-023). (CVE 2010-0479)
  • Microsoft SMTP Service and Microsoft Exchange vulnerabilities (MS10-024). (CVE 2010-0024 CVE 2010-0025)
  • Windows Media Unicast Service buffer overflow (MS10-025). (CVE 2010-0478)
  • Windows level 3 codec remote code execution vulnerability (MS10-026). (CVE 2010-0480)
  • Windows Media Player 9 remote code execution vulnerability (MS10-027). (CVE 2010-0268)
  • vulnerable Visio vislib.dll version (MS10-028) (CVE 2010-0254 CVE 2010-0256)
  • Windows ISATAP Component spoofing vulnerability (MS10-029). (CVE 2010-0812)
  • VLC Media Player Bookmark Creation Buffer Overflow Vulnerability. (BID38569)
  • PostgreSQL JOIN Hashtable Size Integer Overflow Denial of Service. (CVE 2010-0733)
  • Samba ’CAP_DAC_OVERRIDE’ File Permissions Security Bypass Vulnerability. (CVE 2010-0728)
  • Linux Kernel Video Output Status Local Denial of Service Vulnerability. (BID38607)
  • SAP MaxDB ’serv.exe’ Unspecified Remote Code Execution Vulnerability. (CVE 2010-1185)
  • Cisco IOS vulnerabilities. (CVE 2010-0576 through CVE 2010-0586)
  • Skype URI Handling Security Vulnerability. (BID38699)
  • Skype URI Handling XML File Deletion Vulnerability. (SA38875)
  • OpenSSL Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability. (CVE 2009-3555)
  • XMail Insecure Temporary File Creation Vulnerability. (BID38427)
  • Autonomy KeyView OLE Document Integer Overflow Vulnerability. (CVE 2009-3032)
  • httpdx PNG File Handling Remote Denial of Service Vulnerability. (BID38638)
  • httpdx Multiple Remote Denial Of Service Vulnerabilities. (BID38718)
  • Cisco Unified Communications Manager Denial of Service Vulnerabilities. (CVE 2010-0587 CVE 2010-0588 and etc.)
  • Adobe Flash Player Local File Access Information Disclosure Vulnerability. (BID38517)
  • phpMyAdmin ’db_create.php’ Cross Site Scripting Vulnerability. (BID38707)
  • PHP xmlrpc Extension Multiple Remote Denial of Service Vulnerabilities. (CVE 2010-0397)
  • Drupal Prior to 6.16 and 5.22 Multiple Security Vulnerabilities. (BID38545)
  • CUPS File Descriptors Handling Use-After-Free Remote Denial Of Service Vulnerability. (CVE 2010-0302)
  • CUPS ’lppasswd’ Tool Localized Message String Security Weakness. (CVE 2010-0393)
  • Novell eDirectory DHost Weak Session Cookie Session Hijacking Vulnerability. (CVE 2009-4655)
  • Linux Kernel KVM ’hvc_console.c’ Local Denial of Service Vulnerability. (BID38537)
  • Adobe Acrobat and Reader vulnerabilities. (CVE 2010-0190, etc.)

New exploits in this version:

  • Internet Explorer iepeers.dll use-after-free exploit. (CVE 2010-0806)
  • Easy FTP Server MKD buffer overflow exploit
  • Windows Media Unicast Service exploit (MS10-025). (CVE 2010-0478)
JPEG - 31.3 kb

Post scriptum

Compliance Mandates

  • Vulnerability Management :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Saint
Vulnerability Management