Saint Scanner Version 6.6 released

SAINT, or the Security Administrator’s Integrated Network Tool, uncovers areas of weakness and recommends fixes. With the SAINT® vulnerability assessment tool, you can:

  • Detect and fix possible weaknesses in your network’s security before they can be exploited by intruders.
  • Anticipate and prevent common system vulnerabilities.
  • Demonstrate compliance with current government regulations such as FISMA, Sarbanes-Oxley, GLBA, HIPAA, and COPPA.

New vulnerability checks in version 6.6:

  • Microsoft Agent ActiveX vulnerability (MS07-051)
  • Microsoft Visual Studio Crystal Reports vulnerability (MS07-052)
  • Windows Services for UNIX setuid privilege elevation (MS07-053)
  • Updated check for Live Messenger/MSN Messenger vulnerability (MS07-054)
  • Kerberos kadmind vulnerabilities
  • iTunes covr atom buffer overflow
  • Motorola Timbuktu vulnerabilities
  • Oracle JInitiator ActiveX control buffer overflows
  • eCentrex VoIP Client ActiveX Control buffer overflow
  • mod_proxy crafted date handling denial of service
  • ZoneAlarm Multiple IOCTL Privilege Escalation Vulnerabilities
  • Yahoo Messenger ActiveX Control vulnerabilities
  • ACTi Network Video Recorder ActiveX vulnerabilities
  • ClamAV remote code execution and denial of service vulnerabilities
  • SIDVault LDAP server remote code execution
  • Legato NetWorker (dangerous check)
  • PHP5 IISFunc extension remote code execution
  • WS_FTP cross-site scripting vulnerability
  • Debian 4.0 X11 vulnerability
  • Cisco VTY authentication bypass
  • Emacs vulnerability
  • Microsoft SQL Server ActiveX vulnerability

New exploits in this version:

  • Linux support for Snort Back Orifice pre-processor exploit
  • Option to sort by year added to exploits.pl
  • clamav-milter popen command injection exploit
  • Linux support for Borland Interbase CREATE exploit
  • Microsoft Agent exploit

New features in 6.6:

  • Improved status page for interactive scans
  • Animated images show which probes are still running and which have finished
  • Uploading of target files on Scan Setup page
  • Specify targets remotely from a file on your PC
  • Browsing of exploits by year on the Exploits page
  • Easy access to the latest exploits
  • Scheduling of quarterly scans
  • Fast exclusions option for easier management of exclusions in large data sets

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking:

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

