At SAINT, we respond quickly to vulnerability discoveries. Our engineers continuously update and refine our products to meet the latest security protocols. In addition, when a security alert is issued, we inform our customers via
Windows insecure library loading vulnerability
Mac OS X Security Update 2010-005.
Shockwave vulnerabilities fixed by APSB10-20.
Exploits now available via SAINT Express:
Microsoft Windows Movie Maker MediaClipString Buffer Overflow exploit
SAINT® 7.4.6 Released 08/27/2010
New features in this version:
SAINTexploit:- ARP Spoof exploit tool
- Added XCCDF Benchmark Evaluation (XCCDF Scan Level)
- Added XCCDF Reporting
- Added support for External Variable files (OVAL variables schema and .var files)
- Added XCCDF Profile creation/selection tool
Administrative Functions:
- When selecting backup and restore admin function, the previously SAINTwriter saved reports
would be included in the functionality as well.
SAINTwriter:
- Added PCI vulnerability severity levels in compliance with PCI DSS.
Database Format:
The all-hosts file, which keeps track of what hosts SAINT has seen while scanning networks, now includes two new fields:
- System Class - The host's general system type, such as Windows or Linux
- System Type - The host's specific operating system, including the version number of service pack level, if known.
New vulnerability checks in version 7.4.6:
- Windows insecure library loading vulnerability
- Mac OS X Security Update 2010-005. (CVE 2010-1800 CVE 2010-1808 and etc.)
- Shockwave vulnerabilities fixed by APSB10-20. (CVE 2010-2863 through CVE 2010-2882)
- Adobe Acrobat and Reader Font Parsing Remote Code Execution Vulnerability. (CVE 2010-2862)
- Opera 'opera:config' Security Bypass Vulnerability. (BID41927)
- Mozilla Firefox and SeaMonkey Plugin Parameters Buffer Overflow Vulnerability.(CVE 2010-1214)
- Sophos Filter Driver NtQueryAttributesFile Vulnerability. (CVE 2010-2308)
- Apache HTTP Server Multiple Remote Denial of Service Vulnerabilities. (CVE 2010-1452)
- vBulletin 'faq.php' Information Disclosure Vulnerability.(BID41875)
- PHP Multiple Vulnerabilities fixed in 5.2.14.(CVE 2010-2484 CVE 2010-2531)
- Cisco ASA 5580 series multiple vulnerabilities. (CVE 2009-4910 CVE 2009-4911 etc.)
- Linux Kernel CIFS DNS Lookup Cache Poisoning Vulnerability. (CVE 2010-2524)
- Linux Kernel Btrfs Overwrite Append-Only Files Local Security Bypass Vulnerability. (CVE 2010-2537)
- Juniper Cross Site Scripting
- Panda local kernel stack corruption vulnerability
- FreeType multiple vulnerabilities fixed in version 2.4.0. (CVE 2010-2497 CVE 2010-2498 etc.)
- Multiple Vulnerabilities fixed in Safari 5.0.1. (CVE 2010-1778 CVE 2010-1780 and etc.)
- Xerver Multiple Vulnerabilities. (BID42110)
- Avast! Internet Security 'aswFW.sys' Driver IOCTL Handling Local Denial of Service Vulnerability. (BID42148)
- Oracle Secure Backup Server Authentication Bypass Vulnerability. (CVE 2010-0904)
- Symantec Alert Management System Arbitrary Command Execution Vulnerability. (BID41959)
- GnuPG 'GPGSM Tool' Certificate Importing Remote Code Execution Vulnerability. (CVE 2010-2547)
- Palo Alto Firewall XSS Vulnerability. (CVE 2010-0475)
- AIX FTP Information Disclosure Vulnerability. (SA40617)
- PHP-Fusion Remote Command Execution Vulnerability.(BID41758)
- HP OpenView Network Node Manager 'OvJavaLocale' Cookie Value Remote Code Execution Vulnerability. (CVE 2010-2709)
- Novell iPrint Client ExecuteRequest debug Parameter Remote Code Execution. (BID42100)
- Opera Web Browser prior to 10.61 Multiple Security Vulnerabilities. (CVE 2010-2576 CVE 2010-3021 and etc.)
- Linux Kernel Userspace Stack Growth Memory Corruption. (CVE 2010-2240)
- Drupal Actions Feature Nodes and Taxonomy XSS. (SA40930)
- Multiple vulnerabilities fixed in Serv-U 10.2.0.0. (SA41018)
- Microsoft Windows Service Isolation Bypass Local Privilege Escalation. (Advisory 2264072) (CVE 2010-1886)
- VLC Media Player Meta-Information Remote Denial of Service Vulnerability. (CVE 2010-2937)
- WordPress 'wp-admin/plugins.php' Cross Site Scripting Vulnerability. (BID42440)
New exploits in this version:
- Microsoft Office Word RTF Parsing Engine Memory Corruption exploit. (CVE 2010-1901)
- Novell iPrint Client ExecuteRequest exploit
- Microsoft Office Excel PivotTable Cache Data Record Handling Overflow exploit. (CVE 2010-2562)
- Symantec Alert Management Service hndlrsvc exploit
- HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow exploit. (CVE 2010-1554)
- Novell iPrint Client ActiveX control call-back-url exploit. (CVE 2010-1527)
- Microsoft Windows Movie Maker MediaClipString Buffer Overflow exploit. (CVE 2010-2564)

