Sunday, January 25, 2009

Saint security scanner 6.9.8 available

SAINT is the Security Administrator’s Integrated Network Tool. It is used to non-intrusively detect security vulnerabilities on any remote target, including servers, workstations, networking devices, and other types of nodes. It will also gather information such as operating system types and open ports. The SAINT graphical user interface provides access to SAINT’s data management, scan configuration, scan scheduling, and data analysis capabilities through a web browser. Different aspects of the scan results are presented in hyperlinked HTML pages, and reports on complete scan results can be generated and saved

New vulnerability checks in version 6.9.8:

multiple buffer overflow vulnerabilities in SMB. (MS09-001) (CVE 2008-4114 CVE 2008-4834 CVE 2008-4835)
HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow. (CVE 2008-0067)
SAPgui ActiveX Simba MDrmSap Remote Execution Vulnerability(CVE 2008-4387)
RealNetworks Helix Server RTSP DESCRIBE Heap Buffer Overflow. (SA33360)
PHP mbstring extension buffer overflow(CVE 2008-5557)
PHP ’imageRotate()’ Uninitialized Memory Information Disclosure Vulnerability. (CVE 2008-5498)
Linux Kernel ’ib700wdt.c’ Buffer Underflow Vulnerability. (CVE 2008-5702)
Opera9 heap corruption vulnerability. (CVE 2008-5679)
RealNetworks Helix Server RTSP SETUP Stack Buffer Overflow. (SA33360)
PGP Desktop ’PGPweded.sys’ Local Denial of Service Vulnerability. (CVE 2008-5731)
Drupal XSS vulnerability CVE 2008-4710
IceWarp MailServer Cross-site Scripting Vulnerabilities (CVE 2008-0218 and CVE 2008-5734)
MediaWiki Cross-site Scripting Vulnerabilities(CVE 2008-5249 and CVE 2008-5250)
PHP mbstring extension Buffer Overflow(CVE 2008-5557)
Trend Micro HouseCall use-after-free ActiveX vulnerability. (CVE 2008-2435)
Microsoft Office SharePoint security bypass vulnerability. (CVE 2008-4032)
Adobe Flash Player for Linux ActionScript ASnative Command Execution. (CVE 2008-5499)
Samba Root File System Access Security Bypass. (CVE 2009-0022)
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow. (CVE 2008-4827)
xterm DECRQSS Remote Command Execution Vulnerability. (CVE 2006-7236 CVE 2008-2383)
Google Chrome Carriage Return Remote Denial of Service Vulnerability. (CVE 2008-4340)
OpenSSL security bypass in versions 0.9.8i and earlier. (CVE 2008-5077)
multiple integer overflow vulnerabilities in Python. (CVE 2008-5031, CVE 2008-4864)
Asterisk Authentication Denial of Service(CVE 2008-5558)
Linux Kernel ’FWD-TSN’ Chunk Remote Buffer Overflow Vulnerability. (BID 33113)
Apple Safari Webkit "alink" Property Memory Leak Remote Denial of Service. (CVE 2008-5821)
VMware Player and Workstation ’vmware-authd’ Multiple Remote Denial of Service Vulnerabilities.(BID33095)
DotNetNuke User Account Security Bypass Vulnerability.(BID33109)

New exploits in this version:

Adobe Flash Player SWF command injection exploit. (CVE 2008-5499)
HP OpenView Network Node Manager Toolbar.exe CGI exploit. (CVE 2008-0067)
Opera file:// URI exploit. (CVE 2008-5178)


No comments: