Saint vulnerability scanner v6.10.8 available

by

In: Penetration testing & Ethical Hacking , Saint , Vulnerability Scanner

7 June 2009

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

HADOPI - Le Net en France : black-out

New vulnerability checks in version 6.10.8:

  • Microsoft DirectShow QuickTime Movie Parsing Code Execution. (CVE 2009-1537)
  • GNOME Evolution " /.evolution/mail/local" File Permission. (CVE 2009-1631)
  • Novell GroupWise Internet Agent Email Address Processing Buffer Overflow.(CVE 2009-1636)
  • McAfee archive file virus detection bypass. (CVE 2009-1348)
  • Tivoli Storage Manager vulnerabilities. (CVE 2009-1520, CVE 2009-1521, CVE 2009-1522, CVE 2009-1178)
  • Sun Java System Calendar Express vulnerabilities. (CVE 2009-1218, CVE 2009-1219)
  • ClamAV ’clamav-milter’ Initscript File Permission Vulnerability. (CVE 2009-1601)
  • Adobe Acrobat and Reader Unspecified Remote Heap Memory Corruption Vulnerability. (BID34768)
  • Bugzilla cross-site request forgery. (CVE 2009-1213)
  • Google Chrome ’throw()’ function Null Pointer Dereference Remote Denial of Service Vulnerability. (CVE 2009-1514)
  • Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow.(CVE 2009-1252)
  • Openfire jabber:iq:auth ’passwd_change’ Remote Password Change Vulnerability. (CVE 2009-1595)
  • Linux Kernel ’ptrace_attach()’ Local Privilege Escalation Vulnerability. (CVE 2009-1527)
  • IceWarp Merak Mail Server ’Forgot Password’ Input Validation Vulnerability. (CVE 2009-1469)
  • @Mail ’admin.php’ Cross-Site Scripting Vulnerabilities.(BID34762)
  • Drupal HTML Injection and Information Disclosure Vulnerabilities. (CVE 2009-1575 CVE 2009-1576)
  • Multiple Vulnerabilities fixed in IceWarp Merak Mail Server 9.4.2. (CVE 2009-1467 CVE 2009-1468)
  • Mac OS X Security Update 2009-002.(CVE 2009-0150 CVE 2009-0160 and etc.)
  • "Xlight FTP Server ’user’ SQL Injection Vulnerability" (BID34288)
  • SquirrelMail Prior to 1.4.18 Multiple Vulnerabilities.(CVE 2009-1578 CVE 2009-1579 and etc.)
  • PHP ’mb_ereg_replace()’ String Evaluation Vulnerability. (BID34873)
  • Blackberry Attachment Service PDF distiller vulnerability
  • Nortel Application Gateway password disclosure
  • TYPSoft FTP Server ’ABORT’ Command Remote Denial of Service Vulnerability. (CVE 2009-1668)

New exploits in this version:

  • Microsoft PowerPoint 2000 exploit. (CVE 2009-1131)
  • Linux support to Firefox UTF8 exploit. (CVE 2008-0016)
  • Windows GDI privilege elevation exploit. (CVE 2006-5758)

HADOPI - Le Net en France : black-out

Post scriptum

Compliance Mandates

  • Penetration testing & Ethical Hacking :

    PCI DSS 11.3, SOX A13.3, GLBA 16 CFR Part 314.4 (c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001/27002 12.6, 15.2.2

  • Vulnerability Scanner :

    PCI DSS 11.2, 6.6, SOX A13.3, GLBA 16CFR Part 314.4(c), HIPAA 164.308(a)(8), FISMA RA-5, SI-2, ISO 27001-27002 12.6, 15.2.2


Related Articles

Penetration testing & Ethical Hacking
Saint
Vulnerability Scanner