Saint vulnerability scanner updated to v6.7.7
SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved
New feature in 6.7.7::
Configuration options to customize password policy checks:
- Password length - the required number of characters in the password
- Password history - number of previous passwords which cannot be re-used
- Maximum Age - days after which the user must change the password
- Minimum Age - days before which the user cannot change the password
- Lockout - the number of failed logins before the account is locked out
New vulnerability checks in version 6.7.7:
- cumulative Internet Explorer vulnerability (MS08-024)
- GDI remote code execution vulnerability (MS08-021)
- CUPS
- Firefox, Thunderbird and SeaMonkey
- Novell eDirectory LDAP DelRequest Message Handling Buffer Overflow
- Asterisk vulnerabilities
- Ruby
- Acrobat Reader Linux vulnerability
- OpenSSH
- Java Web Start vulnerabilities
- Internet Explorer vulnerabilities involving setRequestHeader
- additional Aurigma vulnerabilities
- ASUS Remote Console DPC Proxy Service Buffer Overflow
- solidDB vulnerabilities
- McAfee ePolicy Orchestrator Framework Services HTTP Buffer Overflow
- Cisco IOS vulnerabilities
- HP OpenView Network Node Manager HTTP Handling Buffer Overflow
- OpenVMS ssh
- QuickTime vulnerabilities
- Opera vulnerabilities
- Macrovision InstallShield OCI Untrusted Library Loading Vulnerability
- phpMyAdmin vulnerability
- Lighttpd
- Wireshark
- Asterisk Invalid RTP Payload Type Number Memory Corruption
- Windows DNS Spoofing vulnerability (MS08-020)
- hxvz.dll ActiveX vulnerability (MS08-023)
- Microsoft Project vulnerability (MS08-018)
- Windows kernel user mode callback vulnerability (MS08-025)
- Visio vulnerabilities (MS08-019)
- VBScript and JScript engine script decoding vulnerability (MS08-022)
New exploits in this version:
- Solaris rpc.ypupdated exploit
- MDaemon IMAP FETCH exploit
- Microsoft Office memory corruption exploit
- Cisco UCP CSuserCGI.exe exploit
Post scriptum
Compliance Mandates
|
Related Articles
Penetration testing & Ethical Hacking |
|
Saint |
|
Vulnerability Scanner |
|