SAINTÂ® v7.2.3 updates - now SCAP support -

In: Penetration testing & Ethical Hacking , Saint , Vulnerability Management

26 December 2009

SAINT is the Security Administratorâ€™s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINTâ€™s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and save.

Version 7.2.3

New features in this version:

OVAL reporting
Ability to import SCAP-expressed data streams.
Added diskspace counter and results deletion features.
Added support through the system characteristics and results schemas.

New vulnerability checks in version 7.2.3:

Linux Kernel KVM Large SMP Instruction Local Denial of Service Vulnerability. (CVE2009-4031)
Adobe Flash Player Multiple Vulnerabilities (APSB09-19). (CVE2009-3794CVE2009-3796 and etc.)
Novell eDirectory ’NDS Verb 0x1’ Request Heap Based Buffer Overflow Vulnerability. (CVE2009-0895)
EMC RepliStor rep_srv and ctrlservice Denial of Service. (CVE 2009-3744)
Multiple Vulnerabilities fixed in Adobe Shockwave Player 11.5.2.602. (CVE2009-3463CVE2009-3464 and etc.)
Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities. (CVE2009-3934)
MyBB Multiple vulnerabilities in 1.4.8. (BID36463)
WordPress Multiple Vulnerabilities. (CVE2009-3622CVE2009-3890CVE2009-3891 and BID37005)
Xerver HTTP Response Splitting Vulnerability. (CVE2009-4086)
Linux Kernel ’nfs4_proc_lock()’ Local Denial of Service Vulnerability. (CVE2009-3726)
Linux Kernel ’fput()’ NULL Pointer Dereference Local Denial of Service Vulnerabilty. (CVE2009-3888)
Home FTP Server 1.10.1.139 Multiple Security Vulnerabilities. (CVE2009-4051CVE2009-4053)
IBM WebSphere Application Server Administrative Console HTML Injection Vulnerability. (CVE2009-2747)
Opera Web Browser prior to 10.10 Multiple Security Vulnerabilities. (CVE2009-4071CVE2009-4072)
ISC BIND 9 DNSSEC Query Response Additional Section Remote Cache Poisoning Vulnerability. (CVE2009-4022)
Mozilla Firefox ’libpr0n’ GIF File Handling Denial of Service Vulnerability.(CVE2009-3978)
HP OpenView Network Node Manager ovalarm.exe Accept-Language Buffer Overflow. (CVE2009-4179)
Cisco VPN Client for Windows ’StartServiceCtrlDispatche’ Local Denial of Service Vulnerability. (CVE2009-4118)
Linux Kernel ’fuse_direct_io()’ Invalid Pointer Dereference Local Denial of Service Vulnerability. (CVE2009-4021)
Linux Kernel ’drivers/scsi/gdth.c’ Local Privilege Escalation Vulnerability. (CVE 2009-3080)
DotNetNuke Cross Site Scripting and Information Disclosure Vulnerabilities.(CVE2009-4109CVE2009-4110)
Apache Tomcat 404 Error Page Cross Site Scripting Vulnerability. (BID37149)
PHP ’proc_open()’ ’safe_mode_protected_env_var’ Restriction-Bypass Vulnerability.(CVE2009-4018)
Invision Power Board Multiple SQL Injection Vulnerabilities. (CVE2009-3974)
Linux Kernel ’net/mac80211/’ Multiple Remote Denial of Service Vulnerabilities. (CVE2009-4026CVE2009-4027)
Linux Kernel ’drivers/char/n_tty.c’ NULL Pointer Dereference Denial of Service Vulnerability. (BID37147)
CA Service Desk Cross-Site Scripting Vulnerability. (CVE2009-4149)
Novell eDirectory ’/dhost/modules?I:’ Buffer Overflow Vulnerability. (BID37009)
Invision Power Board Local File Include and SQL Injection Vulnerability. (BID37208)
Invision Power Board MIME-Type Cross Site Scripting Vulnerabilities. (BID37263, BID37310)
VLC Media Player RTSP Remote Buffer Overflow Vulnerability. (BID37236)

New exploits in this version:

EasyMail SMTP ActiveX Control AddAttachment buffer overflow exploit. (BID 36440)
HP OpenView Network Node Manager ovalarm.exe Accept-Language exploit. (CVE2009-4179)
Adobe Reader media.newPlayer Use-After-Free Code Execution exploit. (CVE2009-4324)

Post scriptum

Download SAINT v7.2.3 released

Compliance Mandates

Penetration testing & Ethical Hacking :
PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2
Vulnerability Management :
PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

Penetration testing & Ethical Hacking	10 May 2010 : SQLNinja v0.2.5 released! 1 May 2010 : DAVTest v1.0 - WebDAV Application 25 April 2010 : (Paper) Pentesting Adobe Flex Applications (introducing new tool Blazentoo) 25 April 2010 : SIP Inspector v1.10 released 15 April 2010 : Ubuntu Pentest Edition v2.03 released
Saint	15 April 2010 : SAINTÂ® 7.3.3 Released 9 April 2010 : SARA-7.9.2a the final version released 1 April 2010 : SAINTÂ® v7.3.2 Released 16 March 2010 : Saint Vulnerability Scanner v7.3 on the wild 27 February 2010 : Saint Vulnerability Scanner and Exploiter v7.2.7 released
Vulnerability Management	28 April 2010 : Nessus Parsing Tools v1.3.1 15 April 2010 : Nessus v4.2.2 released 9 March 2010 : Dradis v2.5.1 released 7 March 2010 : Samurai Web Testing Framework 0.8 available 1 March 2010 : Security-Database Vulnerability Dashboard updates

SAINTÂ® v7.2.3 updates - now SCAP support -

Post scriptum

Compliance Mandates

Related Articles

Follow us

Like us !

Most Read

Advertising

License

Categories

COMPANY

STANDARDS

RECENT POSTS

MENU