Updated SAINT 2.1.2 --> 2.1.3: Changes described below

8/11/00  Added check for Sun AnswerBook2. (Only detected
	 at heavyplus scan level.)

8/11/00  Added check for dbconnect.inc file, found in
	 PCCS MySQL Database Admin Tool.

8/11/00  Removed port 5405 from heavy scan to avoid
	 crashing PC Duo. (Thanks to Daniel Curry and ARC.)

8/14/00  Added check for gopherd vulnerability.

8/14/00  Added check for wais.pl.

8/15/00  Rearranged facts.pl to infer all host types,
	 services, etc. before inferring todos and facts.
	 This way, host types discovered on the first
	 iteration can be used to infer facts or todos
	 on the next.

8/15/00  Added check for IRIX telnetd. (Made possible
	 by the above change.)

8/15/00  Added some missing plusses to rules/hosttype.

8/15/00  Released 2.1.3.

Updated SAINT 2.1.1 --> 2.1.2: Changes described below

7/14/00  Added check for pollit CGI.

7/14/00  Modified some of the tutorials to get
	 a more consistent format.

7/19/00  Moved emurl tutorial from http_cgi_access to
	 http_potential_problems, where it belongs.

7/19/00  Added checks for guestbook.cgi, excite, and
	 OmniHTTPD imagemap.exe.

7/19/00  Updated CVEs to version 20000712 and added
	 new Candidates to cross-reference list.

7/24/00  Added checks for setproctitle vulnerability
	 in ftpd: HP-UX, OpenBSD, and ProFTP

7/24/00  Added information on Linux statd format string
	 vulnerability to statd tutorial.

7/24/00  Rewrote statd.saint to not report on certain
	 known non-vulnerable operating systems

7/24/00  Added checks for Big Brother (2 vulnerabilities),
	 Apache::ASP (source.asp), Mini SQL (w3-msql),
	 AltaVista search engine (query).

7/24/00  Updated Candidate CVE list.

7/24/00  Released 2.1.2 Beta 1.

7/28/00  Added check for O'Reilly Website Pro
	 buffer overflow.

8/2/00   Fixed false positive problem in Cold Fusion check.

8/3/00   Added $my_address variable to saint.cf as a
	 workaround for "can't find my own hostname".

8/7/00   Added check for BEA WebLogic vulnerabilities.

8/7/00   Added new candidate CVEs to table.

8/7/00   Released 2.1.2.

Updated SAINT 2.1 --> 2.1.1: Changes described below

6/12/00  Added check for new innd vulnerability

6/15/00  Added multitasking capability to perl/todo.pl.  New threads
	 are spawned for each todo, up to a limit of $maximum_threads.

6/15/00  Added tooltalk.saint, cmsd.saint, and sadmind.saint instead
	 of having them in rules/facts. This allows a more intelligent
	 decision to be made, based on operating system version.

6/16/00  Added checks for HP Openview vulnerabilities in Network
	 Node Manager and OmniBack

6/16/00  Added checks for Cmail vulnerabilities.

6/16/00  Added some more error handling to html.pl as suggested
	 by Adam Pendleton.

6/16/00  Added note to remote mode documentation concerning
	 authentication of users behind proxy firewalls.

6/16/00  Released SAINT 2.1.1 beta 1.

6/20/00  Fixed some bugs in smb.saint. Added missing -N,
	 removed extra chops that were shortening netbios names,
	 made loop start at 2 instead of 10 so shares won't
	 be skipped

6/22/00  Declared optind in dds.c as needed for SunOS 4.
	 Thanks to Jim Houser.

6/22/00  Modified dds.c to use inet_addr instead of inet_aton
	 since some systems (e.g. SunOS 4) don't have the latter.
	 Thanks to Jim Houser for suggesting this.

6/27/00  Added check for wu-ftpd 2.6.0.

6/27/00  Released SAINT 2.1.1 beta 2.

6/30/00  Added checks for two vulnerabilities in HP JetAdmin

7/7/00   Updated the FTP vulnerabilities tutorial to reflect
	 the release of wu-ftpd 2.6.1. Changed wu-ftpd 2.6.0 severity
	 from brown to red.

7/10/00  Moved &set_host_time call up from &run_next_todo to the
	 parent process, so that scan time information will not
	 be lost in the child threads.

7/10/00  Released SAINT 2.1.1.

Updated SAINT 2.0.2 --> 2.1: Changes described below

5/16/00  Now you can use SAINT through a browser on a remote host.

5/16/00  Released 2.1 beta 1.

5/18/00  Added Logout button to main SAINT page.  Without logging
	 out, a client stays authenticated for as long as the server
	 runs, even if the browser closes

5/18/00  Added line to rules/todo to run http.saint on non-standard
	 http ports.

5/19/00  Added CGI checks for counter, calendar, and emurl.

5/23/00  Added new fork in html.pl to handle any requests that
	 come in while a scan is running.

5/23/00  Added checks for Kerberos services kshell, klogin, and kpopd.

5/23/00  Fixed bug in printing date to status file. (Month was always
	 off by one.)

5/23/00  Released 2.1 beta 2.

5/30/00  Removed -L option from ls in make_password_seed. It causes
	 an infinite loop on some Slackware systems which have
	 self-referencing symbolic links. (Thanks to Adam Edwards for
	 finding the problem.)

6/2/00   Modified code to display "top 10" icon next to vulnerabilities
	 on SANS top 10 list. Added new scan level to scan specifically
	 for these vulnerabilities.

6/2/00   Added some more error handling to perl/html.pl for remote mode.

6/2/00   Added link to customer feedback form on main SAINT page, in
	 place of link to authors page.

6/5/00   Added a "cve" file to scan results directory to keep track
	 of CVE and Top-10 information. This is to help with
	 add-ons (WebSaint, SAINTwriter). Created new $cve and $top10
	 hashes to store this information in memory, rather than
	 searching the list each time a report is generated.

6/6/00   Updated statd tutorial.

6/6/00   Added check for Linux nfsd buffer overflow.

6/6/00   Added check for QPOP euidl vulnerability. Improved the
	 pop3 check for UW pop servers, to search specifically for
	 vulnerable versions. (pre 3.3(27)) Added version numbers
	 to text output to get better accuracy in CVE rules.

6/6/00   Added check for Gauntlet/WebShield CyberPatrol buffer overflow.

6/7/00   Changed ruleset to only issue warning for pop2 servers.
	 (pop3 is handled by pop3.sara)

6/7/00   Fixed "ill-formatted fact" bug caused by newline characters
	 in the text field in smb.saint.  The netbios names needed
	 to be chomped. Got rid of "get_host_name not found" errors by
	 requiring get_host.pl in nfs-chk.saint.

6/7/00   Changed showmount.saint and nfs-chk.saint to generate the
	 same facts for the same vulnerabilities, to weed out duplicates.
	 (Before, an unprotected export would be reported twice.)

6/7/00   Released 2.1.

For previous changes see READMEs/CHANGES-2.0
