Saint Vulnerability Scanner and Exploiter v7.2.7 released

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved.

New features in this version:

  • SAINTmanager:
    • Added view/modify control of Management/Options (i.e., Scanning and Startup Configuration Options) within roles. These permissions are also enforced in Scan Setup, except for viewing Scan Level settings.
  • SAINTexploit:
    • Added support for file transfers using VBscript encoder/decoder
  • SAINTwriter:
    • Added option to link CVEs for all formats except XML
    • Added content search report template in SAINTwriter

New vulnerability checks in version 7.2.7:

  • Multiple Vulnerabilities in gzip 1.3.12 and prior. (CVE 2009-2624 CVE 2010-0001)
  • Linux Kernel "mmap()" and "mremap()" multiple Denial of Service vulnerabilities. (CVE 2010-0291)
  • Google Chrome Style Sheet Redirection Information Disclosure Vulnerability. (CVE 2010-0315)
  • Sun Java System Web Server Digest Authentication Remote Buffer Overflow Vulnerability. (BID37896)
  • Oracle TimesTen In-Memory Database HTTP Request Denial of Service Vulnerability. (BID38019)
  • HP System Management Homepage Cross Site Scripting Vulnerability. (CVE 2009-4185)
  • Cisco Secure Desktop Cross Site Scripting Vulnerability. (CVE 2010-0440)
  • Sun Java System Application Server Cross Site Tracing Vulnerability. (CVE 2010-0386)
  • Sun Java System Web Server WEBDAV Stack Buffer Overflow Vulnerability. (BID37874)
  • Multiple Vulnerabilities fixed in Google Chrome 4.0.249.78. (BID37948)
  • Multiple Vulnerabilities in InterBase SMP 2009. (CVE 2010-0391)
  • Oracle cleartext passwords stored in database links. (Requires Oracle authentication.)
  • Oracle users with privileges to the database link table (sys.link$). (Requires Oracle authentication.)
  • Oracle sys.utl_file package executable by the public role. (Requires Oracle authentication.)
  • Flash cross-domain security policy containing wildcards
  • Zope 'standard_error_message' Cross-Site Scripting Vulnerability (BID37765)
  • Safari Style Sheet Redirection Information Disclosure Vulnerability. (CVE 2010-0314)
  • Oracle users with privileges to the audit table (sys.aud$). (Requires Oracle authentication.)
  • Oracle session auditing not enabled. (Requires Oracle authentication.)
  • Webmin unspecified XSS vulnerability. (CVE 2009-4568)
  • Multiple vulnerabilities in OpenOffice. (CVE 2009-2949 CVE 2009-2950 ...)
  • Jetty JSP Snoop Page Multiple Cross-Site Scripting Vulnerabilities. (CVE 2009-4612)
  • PDF-XChange Viewer Remote Code Execution Vulnerability (BID37582)

New exploits in this version:

  • Microsoft Powerpoint exploit. (CVE 2010-0031)
  • Eureka Email POP3 Error Stack Buffer Overflow exploit. (CVE 2009-3837)
  • Wireshark LWRES dissector exploit. (CVE 2010-0304)
  • Xi Software Net Transport eDonkey Protocol Buffer Overflow exploit

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking:

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner:

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16 CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2

