
Updated SAINT 3.4.10 --> 3.4.11: Changes described below

2/19/02  Added check for unauthorized password change
	 vulnerability in HP AdvanceStack switch.

2/19/02  Added information on Oracle EXTPROC arbitrary
	 library function execution to Oracle_TNS_Listener
	 tutorial.

2/19/02  Added information on Oracle JSP source code
	 exposure to Oracle_vulnerabilities tutorial.

2/20/02  Added information on latest vulnerability to CUPS
	 tutorial. (No change required to the check.)

2/20/02  Added check for potential buffer overflow in NetWin
	 CWMail.exe. (m.l.)

2/21/02  Removed rexec.saint, and made a rule in
	 rules/facts instead.

2/21/02  Removed rexd vulnerability from rules/facts. This
	 vulnerability is already covered by rex.saint.

2/22/02  Added check for globals.jsa under Oracle demo.
	 This file is only there if demo is installed, but
	 serves as a backup check for Oracle iAS.

2/22/02  Updated switch_access tutorial with workaround for
	 AdvanceStack vulnerability from vendor bulletin.

2/22/02  Added check for potential buffer overflow in
	 webnews.exe.

2/25/02  Updated http_potential_problems.html with
	 additional webnews.exe vulnerability, default
	 hardcoded accounts and passwords.

2/26/02  Added check for multiple vulnerabilities in Squid.

2/27/02  Added check for PHP buffer overflow.

2/27/02  Released 3.4.11.

Updated SAINT 3.4.9 --> 3.4.10: Changes described below

1/29/02  Added check for multiple vulnerabilities in
	 Avirt products: HTTP proxy buffer overflow,
	 telnet proxy buffer overflow, and telnet proxy
	 directory listing and DOS prompt access.

1/29/02  Fixed another problem in text-output.pl. Facts
	 need to be chomped.

1/30/02  Added check for vulnerability in Squirrelmail.
	 (check_me.mod.php)

1/31/02  Added check for vulnerability in Ganglia. (graph.php)

2/4/02   Fixed bug in rules/todo where telnet.saint was
	 causing rlogin.saint to run.

2/4/02   Added check for MS Site Server default password
	 LDAP_Anonymous/LdapPassword_1, which leads to
	 other vulnerabilities.

2/5/02   Removed mountd.saint. Linux mountd and nfsd will
	 now be detected by rules/facts.

2/5/02   Added check for buffer overflow in libgtop_daemon,
	 which is not the same as the format string
	 vulnerability. (Tutorial change only.)

2/5/02   Changed Oracle 8i to Oracle Internet Directory
	 in LDAP tutorial to be more accurate, along with
	 CERT, CIAC, and CVE. (Not sure why it was 8i
	 in the first place.)

2/12/02  Added information on Exchange 2000 System
	 Attendant in registry access tutorial.

2/12/02  Updated Oracle tutorial for new vulnerabilities
	 in Oracle 9iAS PL/SQL.

2/13/02  Updated check for Microsoft Telnet Server due to
	 new buffer overflow.

2/13/02  Updated Lotus HTTP server tutorial with reference
	 to latest version, 5.0.9a, which fixes a minor
	 denial-of-service problem.

2/13/02  Modified viewcode.jse check so it wouldn't false
	 alarm on IIS servers.

2/14/02  Added rule to report a potential vulnerability for
	 all devices offering SNMP.

2/14/02  Released 3.4.10.

Updated SAINT 3.4.8 --> 3.4.9: Changes described below

1/11/02  Added check for BEA WebLogic DOS device request
	 denial of service.

1/11/02  Added check for vulnerable Bugzilla version. This
	 obsoletes the checks for globals.cgi and
	 process_bug.cgi, which were therefore removed.

1/14/02  Modified text-output.pl to sort the output from
	 command-line scans, courtesy of Charles Clarke.

1/17/02  Fixed bug in check for Apache for Windows.

1/17/02  Fixed bug in http.saint that caused false alarms 
	 on some devices that answer 200 OK to every request
	 in /cgi-bin/ but 404 for everything else.

1/17/02  Added check for iPlanet web publishing denial
	 of service vulnerability in wp-html-rend command.

1/18/02  Added check for groff format string vulnerability
	 through lpd. (Same check as for LPRng and Linux lpd.)

1/18/02  Added check for glob denial of service in ProFTP.

1/22/02  Changed NFS rules to case-insensitive in trust
	 ruleset. This may have been causing NFS trust
	 to go uncategorized.

1/23/02  Removed rules with a condition of $severity eq "l"
	 from rules/todo and rules/trust, since this
	 severity level has never been used in SAINT.
	 (It is left over from original SATAN rule sets.)

1/24/02  In FTP filename globbing tutorial, removed
	 ftpglob.patch as an option for fixing wu-ftpd 2.6.1,
	 since upgrading to 2.6.2 is still necessary to fix
	 the debug mode format string vulnerability.

1/24/02  Removed port 80 from nmap scan in ostype.saint due
	 to report that it has bad effects on Cisco 15454
	 Sonic Mux. Replaced it with port 25.

1/25/02  Added check for AOL ICQ clients.

1/25/02  Added check for buffer overflow in BOOZT!

1/28/02  Added check for rsyncd vulnerability.

1/28/02  Released 3.4.9.

Updated SAINT 3.4.7 --> 3.4.8: Changes described below

12/26/01 Added check for pipe command execution in Exim.

12/26/01 Added check for Oracle iAS buffer overflow and
	 double-decoding vulnerabilities. (Tutorial change
	 only.)

12/26/01 Added check for ScriptEase: Web Server Edition
	 arbitrary file read on Netware.

12/28/01 Modified smurf check to remove false positives
	 due to local broadcast addresses being generated
	 by alternate netmasks.

1/2/02   Added check for zml.cgi.

1/7/02   Removed irix.saint script which only checked for
	 objectserver daemon and replaced it with a line
	 in rules/facts.

1/9/02   Added check for php.exe arbitrary file read on
	 Apache for Windows.

1/9/02   Added check for Hosting Controller (filemanager.asp).

1/9/02   Released 3.4.8.

Updated SAINT 3.4.6 --> 3.4.7: Changes described below

12/18/01 Added extreme mode check for login. Rewrote
	 rlogin.saint in PERL to facilitate the change.

12/20/01 Removed extreme mode check for login, because it
	 gives false negatives for targets other than
	 Solaris. Moved CRC-32 attack detection vulnerability
	 description to the top of the SSH tutorial.

12/21/01 Added a more specific check for SSH1 fallback
	 vulnerability in OpenSSH.

12/21/01 Added check for glibc glob vulnerability in
	 OpenBSD ftpd Linux ports.

12/21/01 Added check for Microsoft Universal Plug and Play.

12/21/01 Released 3.4.7.

Updated SAINT 3.4.5 --> 3.4.6: Changes described below

12/4/01  Added check for JRun directory listing vulnerability.

12/4/01  Added check for dangerous sample scripts in
	 AspUpload.

12/6/01  Improved ssh.saint to reduce false alarms on
	 ssh1 fallback vulnerability.

12/6/01  Updated check for OpenBSD lpd for new file
	 creation vulnerability.

12/7/01  Added check for command execution in PGPMail.

12/13/01 Added check for command execution in csvform.pl.

12/13/01 Added check for UseLogin privilege elevation
	 vulnerability in OpenSSH.

12/13/01 Added check for System V login buffer overflow.

12/13/01 Released 3.4.6.

Updated SAINT 3.4.4 --> 3.4.5: Changes described below

11/16/01 Added check for file copy and deletion vulnerability
	 in PHP Nuke (case.filemanager.php).

11/19/01 Fixed saintwriter.pl so that data sets chosen
	 under trend analysis report will not affect other
	 reports. dataset_ and vulnerability (red_, etc.)
	 variables will not be rewritten when report is
	 generated from the short form, except when the
	 trend analysis report is selected, in which case
	 dataset_ variables are rewritten.

11/20/01 Based on suggestion from beta tester, trimmed down
	 the default SAINTwriter Trend Analysis report, to
	 make the actual trend analysis information more
	 prominent.

11/20/01 Added check for logic flaw in HP-UX rlpdaemon.

11/21/01 Moved host name resolution from bin/get_targets
	 to perl/targets.pl:target_acquisition(), and
	 added check that fqdn resolves back to original
	 IP address. This is to ensure that the intended
	 IP address is scanned for dual-homed targets.

11/26/01 Added check for vulnerability in Network Tools
	 add-on to PHP Nuke.

11/27/01 Added check for the latest format string
	 vulnerability in RWhois. (Not the same as the one
	 added on 10/29/01.)

11/27/01 Added check for web traversal vulnerability in
	 Informix Web DataBlade.

11/30/01 Changed infer_facts.pl to recognize the UNKNOWN
	 keyword in rules/facts, similar to rules/hosttype.

11/30/01 Added check for globbing problem in wu-ftpd.

11/30/01 Added check for multiple vulnerabilities in
	 OpenSSH.

11/30/01 Added check for susehelp.

11/30/01 Added check for sensitive information disclosure
	 in Red Hat Stronghold server.

11/30/01 Added check for libgtop_daemon.

11/30/01 Released 3.4.5.

Updated SAINT 3.4.3 --> 3.4.4: Changes described below

10/30/01 Any version of SSH Communications Security sshd
	 2.x or 3.x now issues a warning due to the
	 possibility that a vulnerable version of sshd 1.x
	 is installed for SSH1 fallback mode.

10/31/01 Added check for Nimda.E worm.

11/6/01  Added check for vulnerabilities in Lotus Domino
	 HTTP server: access control list bypass on
	 database views, Web Administrator template access,
	 and default navigator access. 

11/6/01  Added checks for OpenServer and IRIX to the check
	 for BSD lpd.

11/6/01  Added check for AIX lpd.

11/6/01  Added checks for Sendmail option transmission
	 and hostname authentication bypass vulnerabilities
	 in multiple vendors' lpd. (Tutorial changes only.)

11/8/01  Added check for STAT command buffer overflow in
	 WS_FTP 2.0.3.

11/8/01  Added check for Entrust GetAccess file read
	 (helpwin.gas.bat).

11/13/01 Added check for CDE Subprocess Control daemon.

11/13/01 Released 3.4.4.

Updated SAINT 3.4.2 --> 3.4.3: Changes described below

10/22/01 Added reference to CIAC Bulletin M-006 to
	 telnetd tutorial. 

10/23/01 Fixed bug in policy-engine.pl (&match_host) which
	 was causing $only_attack_these and $dont_attack_these
	 to be parsed improperly. Bug was introduced in 2.0.2.

10/23/01 Fixed bug in exclusions.pl which was causing
	 "other" services to be re-counted each time
	 &make_service_exclusion_info was called.

10/23/01 Added check for globbing vulnerability in SCO
	 UnixWare ftpd.

10/23/01 Updated tooltalk check to check for UnixWare.

10/23/01 Added reference to updated htdig RPMs to
	 http_cgi_access tutorial.

10/23/01 Added information on lprold (related to BSD lpd)
	 vulnerability to Linux_lpd tutorial. (Linux lpd
	 was already checked for in printer.saint.)

10/24/01 Added reference to Sun Security Bulletin 209 to
	 yppasswdd tutorial. Unknown whether this is the
	 same as the existing vulnerability, and whether
	 Bulletin 203 is still relevant or ever was.
	 (SANS SAC reported it was.)

10/24/01 Added check for vulnerability in Post Nuke and
	 PHP Nuke (article.php).

10/24/01 Added check for path traversal vulnerability in
	 Novell GroupWise (servlet/webacc).

10/24/01 Added check for readable configuration file in
	 Trend Micro OfficeScan and Virus Buster.

10/25/01 Modified hosttype.pl to remove illegal characters
	 from host type, so scripts which pass host type
	 as command-line arguments will not fail.

10/25/01 Added check for multiple vulnerabilities in
	 IMail web interface and web calendaring. Added
	 an extreme-mode check for web calendaring.
	 Re-organized extreme-mode checks in http.saint to
	 improve readability.

10/25/01 Added additional vendor advisory links for ht://Dig
	 and Sun ntpd to tutorials.

10/26/01 Added check for remote command execution in
	 Network Query Tool.

10/26/01 Added check for vulnerability in Oracle Web Cache.

10/26/01 Added information on Windows Terminal Server invalid
	 RDP denial of service and Citrix MetaFrame denial of
	 service to Windows Terminal Server tutorial.

10/29/01 Added check for RWhois format string vulnerability.

10/29/01 Added check for Solaris fingerd information
	 disclosure vulnerability.

10/29/01 Released 3.4.3.

Updated SAINT 3.4.1 --> 3.4.2: Changes described below

10/5/01  Added check for new buffer overflow in Compaq
	 Insight Manager.

10/5/01  Added check for misconfiguration in PGP
	 Key Server (console.exe).

10/5/01  Fixed bug in saintwriter_form_long.pl that was
	 causing tech_details_reverse not to be pre-selected
	 properly.

10/10/01 Added ports 135, 445, and 500 to config/services
	 per suggestion from Tim Coote.

10/10/01 Fixed AIX compilation problem in dds.c. Thanks to
	 Christian Krackowizer for testing the fix. 

10/11/01 Fixed bug in netbios_name_request in
	 perllib/netbios.pl. Apparently some Windows 2000
	 systems return 0x0004 instead of 0x0044 after the
	 netbios name.

10/12/01 Added check for vulnerability in htsearch.

Updated SAINT 3.4 --> 3.4.1: Changes described below

9/20/01  Updated to CVE version 20010918.

9/20/01  Replaced #!/usr/local/bin/perl and #!/bin/perl
	 with #!/usr/bin/perl in PERL scripts to avoid
	 dependency problems in RPMs.

9/24/01  Fixed some links in tutorials to work with
	 SecurityFocus's redesigned web site.

9/24/01  Changed some old geek-girl links to SecurityFocus
	 Bugtraq in tutorials.

9/28/01  Added information on WebSphere predictable session
	 IDs to http_potential_problems.html.

9/28/01  Added check for file copying vulnerability in
	 PHP Nuke.

10/2/01  Updated cve ruleset and cross-reference list with
	 latest version of SANS Top 20. Updated top10 attack
	 level and re-named it to top20. Changed TOP 10
	 icon to TOP 20 and replaced all Top 10 references
	 to Top 20 in documentation.

10/2/01  Added rule for identifying Compaq Tru64 in
	 rules/hosttype. (Needed for tooltalk check.)

10/2/01  Added check for format string vulnerability in
	 tooltalk.

10/3/01  Released 3.4.1.

Updated SAINT 3.3.9 --> 3.4: Changes described below

9/4/01   Updated Sun_lpd tutorial to address new Sun
	 patches. Updated BSD_lpd tutorial to reference
	 FreeBSD patches.

9/4/01   Modified all SAINTwriter configuration files to
	 include new variables for SAINTwriter 2.0. Added
	 new configuration file trend.cf for Trend Analysis.

9/5/01   Modified saintwriter_form_long.pl to include
	 new options for SAINTwriter 2.0. Modified
	 perl/saintwriter.pl to process selection of
	 multiple data sets for trend analysis.

9/5/01   Added $web_server option to cause html.pl to
	 listen on a named pipe instead of a port.

9/6/01   Added scripts/saint.cgi to be placed in a web
	 server's cgi-bin directory to communicate with
	 SAINT via a named pipe when $web_server
	 option (or -w) is selected.

9/7/01   Added new SAINTwriter 2.0 options to
	 saintwriter_form.pl. Users can now select Trend
	 Analysis as a pre-configured report or select
	 RiskWatch export from the first SAINTwriter screen.

9/7/01   Changed scripts so users can no longer modify
	 pre-configured SAINTwriter reports from the GUI.
	 Instead, pre-configured reports can be used as
	 templates for new report types.

9/10/01  Added check for Apache authentication modules
	 vulnerable to SQL command injection.

9/11/01  Added check for vulnerable versions of Netscape
	 Administration Server on port 32766.

9/12/01  Re-arranged http.saint such that version check
	 comes first to get Netscape Administration Server
	 check to work consistently. Increased timeout
	 for HTTP version check on port 32766.

9/14/01  Re-arranged some variables in SAINTwriter config
	 files, because variables which are sub-strings of
	 other variables (e.g. bar_vulns, bar_vulnstatus)
	 confuse SAINTwriter versions 1.x.

9/14/01  Changed dataset variable format in SAINTwriter
	 config from scalars (e.g. $dataset_saint-data)
	 to an associative array ($dataset{'saint-data'})
	 to avoid errors in PERL.

9/17/01  Added check for vulnerabilities in Power Up HTML
	 (r.cgi) and shopplus.cgi.

9/17/01  Added check for vulnerable scripts in Trend
	 Micro eManager.

9/17/01  Added check for vulnerabilities in EFTP.

9/19/01  Added check for Nimda worm.

9/19/01  Released 3.4.

For previous changes see READMEs/CHANGES-3.3
