SAINT version 6.10 is now available
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved
NEW FEATURES
Credentials manager
- Easily configure a scan to run with different credentials for different target ranges
- Store credentials for later use
SAINTmanager audit logging
- See which users have logged in, run scans, modified settings, etc. and when
Data Sanitization
- Automatically remove identifying information from IP addresses and hostnames
New custom scan level template: All exploitable vulnerabilities
- Easily create a custom scan level containing vulnerabilities which SAINTexploit can
exploit
New exploit tools
- Read cached Internet Explorer passwords (requires an existing connection)
- E-mail attachment execution
- Upload command to Startup folder (requires a login and password)
NEW EXPLOITS
- HP OpenView Network Node Manager getcvdata.exe exploit (CVE 2008-0067)
- Oracle Secure Backup login.php rbtool command injection exploit (CVE 2008-5448)
- Oracle Secure Backup NDMP_CONECT_CLIENT_AUTH exploit.
(CVE 2008-5444)
NEW VULNERABILITY CHECKS
- Oracle Critical Patch Update Advisory - January 2009 (CVE 2008-3999 , CVE 2008-5437, etc.)
- Apple QuickTime Multiple Vulnerabilities fixed in 7.6 (CVE 2009-0001 , CVE 2009-0007, etc.)
- Multiple Oracle Secure Backup Administration Server Command Injection
vulnerabilities fixed in 10.2.0.3 (CVE 2008-4006 , CVE 2008-5448 , CVE 2008-5449) - Google Chrome FTP Client PASV Port Scan Information Disclosure Vulnerability (BID33112)
- Hummingbird Exceed ActiveX vulnerability (CVE 2008-4729)
- Hummingbird Deployment Wizard ActiveX vulnerability (CVE 2008-4728)
- Oracle BEA WebLogic Server Apache Connector Heap Buffer Overflow (CVE 2008-5457)
- KDE Konqueror 4.1 Multiple Cross-Site Scripting and Denial of Service
Vulnerabilities (BID33085) - Winamp MP3 and AIFF File Parsing Multiple Buffer Overflow Vulnerabilities (BID33226)
- Openfire ’log.jsp’ Directory Traversal Vulnerability (BID32945)
- Symantec Mail Security For SMTP Denial Of Service Vulnerability (BID33146)
- Oracle Secure Backup NDMP CONECT_CLIENT_AUTH Command Buffer Overflow (CVE 2008-5444)
- Office OCX Multiple ActiveX Controls OpenWebFile Arbitrary Program Execution Vulnerability (BID33243)
- Asterisk IAX2 Authentication Response Remote Information Disclosure Vulnerability (CVE 2009-0041)
- Symantec AppStream Client LaunchObj ActiveX Control Arbitrary Program Execution(CVE 2008-4388)
- Serv-U Remote Denial of Service Vulnerabilities (BID33180)
- Apache Roller ’q’ parameter XSS vulnerability
- PHP ’popen()’ Function Buffer Overflow Vulnerability (BID33216)
- CuteNews ’add_ip’ Parameter PHP Code Injection Vulnerability (BID33167)
- Linux Kernel ’locks_remove_flock()’ Local Race Condition Vulnerability (CVE 2008-4307)
- Linux Kernel ’sys_remap_file_pages()’ Local Privilege Escalation Vulnerability (CVE 2009-0024)
- CitectSCADA buffer overflow (CVE 2008-2639)
Post scriptum
Compliance Mandates
|
Related Articles
| Penetration testing & Ethical Hacking |
|
| Saint |
|
| Vulnerability Scanner |
|
