
Updated SAINT 3.5.7 --> 3.5.8: Changes described below

6/12/02  Added check for CFXImage showtemp.cfm directory
	 traversal.

6/12/02  Added information on Sun mibiisa/snmpdx
	 vulnerability (tutorial change only).

6/13/02  Removed 1103/TCP from portscan at "heavy" scan
	 level due to bug in Solaris 2.5.1 - 2.6. By default
	 the "xaudio" service is enabled but daemon is not
	 installed, causing connection to hang with large
	 volume of error messages in system log.

6/13/02  Added check for potential vulnerability in
         rpc.passwd on IRIX (unknown if vulnerable in
         versions before IRIX 6.5; vulnerable in unpatched
         IRIX 6.5 up to 6.5.15; fixed in 6.5.16).

6/13/02  Added information on Ghostscript Command Execution
         Vulnerability on Redhat to Linux lpd vulnerability
         tutorial.

6/13/02  Added check for IIS .HTR ISAPI filter due to new
	 vulnerability in processing chunked encoding.

6/14/02  Gave mkfifo precedence over mknod in saint.cgi
	 since mknod can't be used to create pipes on
	 FreeBSD. (This was done in html.pl in 3.5.4 but
	 was overlooked in saint.cgi.)

6/14/02  Fixed encode_url_arg() and decode_url_arg() not
	 to use slashes in encoding because they confuse
	 the relative URL in the refresh link.

6/14/02  Added check for latest Bugzilla vulnerabilities.

6/17/02  Fixed bug in WebLogic check.

6/17/02  Fixed bug in services ruleset. /bin/login
	 vulnerability through telnet was causing a false
	 positive on R-Series service.

6/17/02  Added check for Apache versions which are
	 vulnerable to chunked encoding vulnerability.

6/17/02  Released 3.5.8.

Updated SAINT 3.5.6 --> 3.5.7: Changes described below

5/28/02  Added check for OpenServer yppasswdd.

5/28/02  Added check for buffer overflow in IMail LDAP.

5/28/02  Added check for potential format string problem
	 in talkd.

5/30/02  Added port 135 to ports scanned by ostype.saint
	 at non-heavyplus scan level to assist in
	 identifying Windows workstations.

5/30/02  Added check for predictable TCP initial sequence
	 numbers to ostype.saint. Based on nmap. Note:
	 This intentionally does not report systems using
	 random increments (CA-2001-09) because it would
	 detect every Windows 2000 machine and there is
	 no fix.
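The distinction the note above draws (exactly predictable ISNs are reported, random positive increments are not) as an added example; this is not SAINT's or nmap's code, and the sample sequences and the 2^24 bound on an "increment" are constructed assumptions:

```python
# Added example (not SAINT's or nmap's code): classify a sample of TCP
# initial sequence numbers (ISNs) and decide whether the host should be
# reported. The 2**24 bound and the sample values are assumptions.

MOD = 2 ** 32

def isn_deltas(isns):
    """Differences between consecutive ISNs, modulo 2^32."""
    return [(b - a) % MOD for a, b in zip(isns, isns[1:])]

def classify_isn(isns):
    """Return one of: constant, fixed-increment,
    random-positive-increments, random."""
    if len(isns) < 3:
        raise ValueError("need at least three ISN samples")
    deltas = isn_deltas(isns)
    if all(d == 0 for d in deltas):
        return "constant"
    if len(set(deltas)) == 1:
        return "fixed-increment"
    # A wrapped delta near 2^32 is really a backwards step, so it is
    # not a positive increment and falls through to "random".
    if all(0 < d < 2 ** 24 for d in deltas):
        # Increments vary, but each ISN is bounded by the previous one:
        # the CA-2001-09 pattern, which the check above deliberately
        # does not report.
        return "random-positive-increments"
    return "random"

def should_report(isns):
    """Report only when the next ISN is exactly predictable from earlier ones."""
    return classify_isn(isns) in ("constant", "fixed-increment")

# Constructed sample sequences (not captured from real hosts).
CONSTANT = [0x1234ABCD] * 4
FIXED_STEP = [0x10000000 + 64000 * i for i in range(4)]  # classic +64000 stepping
POSITIVE_RANDOM = [0x20000000, 0x2000A3F1, 0x20012B77, 0x2001FF02]
RANDOM = [0x9F3C1A22, 0x1B77E301, 0xC0A1558D, 0x4E2F0093]

if __name__ == "__main__":
    for name, seq in [("constant", CONSTANT), ("fixed", FIXED_STEP),
                      ("positive", POSITIVE_RANDOM), ("random", RANDOM)]:
        print(name, classify_isn(seq), "report" if should_report(seq) else "ignore")
```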

5/31/02  Corrected version detection for newer imap.

6/3/02   Added check for ServletExec vulnerabilities
	 (JSP10Servlet).

6/3/02   Added check for authentication bypass in Webmin.

6/3/02   Added check for potential buffer overflow in
	 JRun ISAPI.

6/4/02   Added check for CGI information disclosure
	 vulnerabilities in Apache Tomcat.

6/4/02   Reorganized http_potential_problems.html for
	 easier navigation.

6/5/02   Added check for denial of service vulnerability
         in BIND 9 versions earlier than BIND 9.2.1.

6/6/02   Released 3.5.7.

Updated SAINT 3.5.5 --> 3.5.6: Changes described below

5/16/02  Fixed bug in rules/facts. Avirt telnet server
	 version number was being captured correctly
	 but not checked. (Doesn't matter yet, since
	 all currently available versions are vulnerable.)

5/17/02  Added reference to Cisco Security Advisory in
	 NTP vulnerability.

5/22/02  Added check for user shell access vulnerability
	 in UW IMAP.

5/23/02  Added check for "sa" accounts without passwords
	 in Microsoft SQL Server. This vulnerability is
	 exploited by the Spida worm.

5/23/02  Added information on older Microsoft SQL
	 vulnerabilities to the existing tutorial.

5/23/02  Added check for AllowedAuthentications flaw
	 in SSH.

5/23/02  Released 3.5.6.

Updated SAINT 3.5.4 --> 3.5.5: Changes described below

5/2/02   Fixed problem in IIS cross-site scripting check,
	 which implies all 10 vulnerabilities in MS02-018.
	 Apparently there are some variants to the unpatched
	 404 error page which were causing false negatives.

5/2/02   Added check for Multiple UNC Provider buffer
	 overflow. (Requires Windows Domain Authentication.)

5/3/02   Added check for DNSTools authentication bypass
	 (dnstools.php).

5/3/02   Removed check for Win2000 SP2 because the registry
	 key used by the check doesn't exist if SP2 was
	 included on the Win2000 installation media.
	 Win2000 SP2 is implied by the check for the post-SP2
	 rollup pack anyway.

5/3/02   Added check for multiple vulnerabilities in
	 PHProjekt versions prior to 3.2.

5/7/02   Added check for cachefsd.

5/7/02   Added check for ypbind vulnerability. This
	 vulnerability was referenced in the yppasswdd
	 tutorial when it was first announced, but now
	 has a separate check and tutorial.

5/7/02   Fixed false alarm in check for Sambar source code
	 disclosure. (Missing regular expression delimiters)

5/7/02   Released 3.5.5.

5/9/02   Added check for ISC dhcpd.

5/9/02   Released 3.5.5R2.

Updated SAINT 3.5.3 --> 3.5.4: Changes described below

4/29/02  Rearranged creation of named pipe in html.pl
	 to use mkfifo before mknod. This is because
	 mknod apparently cannot be used to create a
	 fifo in some operating systems (e.g. FreeBSD).

4/29/02  Added information on Web+ cookie processing
	 buffer overflow to http_potential_problems.html.

4/30/02  Added check for Microsoft BackOffice Administrator
	 authentication bypass.

4/30/02  Added check for source code disclosure in Sambar.

4/30/02  Added check for multiple CGIScript.net applications.
	 These have the same potential problem as in
	 csSearch.cgi, added on 3/28/02.

4/30/02  Added check for potential hidden HTML form field
	 manipulation problem in CSMailto.cgi (another
	 CGIScript.net application).

4/30/02  Added paragraph to Windows Domain Authentication
	 warning in saint.cf.html about the possible
	 unreliability of checks for Windows updates.

5/1/02   Added check for URL parsing flaw in BEA WebLogic.
	 Also modified existing WebLogic checks for better
	 accuracy.

5/1/02   Added check for rpc.walld.

5/1/02   Released 3.5.4.

Updated SAINT 3.5.2 --> 3.5.3: Changes described below

4/12/02  Added check for latest vulnerability in icecast.

4/15/02  Added check for latest Squid vulnerability.

4/18/02  Added check for Microsoft SQL Server.

4/19/02  Added check for cross-site scripting in
	 NetWare web search.

4/19/02  Added check for potential buffer overflow in
	 Tivoli Storage Manager.

4/19/02  Fixed a number of bugs in http.saint related to
	 escaping of backslashes and quotes. Backslashes
	 and quotes need to be escaped twice, once for
	 Perl interpreter and once for passing to tcp_scan.

4/23/02  Added check for buffer overflow in WebTrends
	 Reporting Center.

4/23/02  Updated http_IIS_samples.html with information on
	 Unicode translation vulnerability in codebrws.asp.
	 Check for codebrws.asp was already present.

4/24/02  Removed call to infer_facts in merge_facts (which
	 is called by read_facts) to avoid discrepancy
	 between facts in memory and facts in file. This
	 situation arises when newly added vulnerabilities
	 are inferred from old SAINT data, and causes a
	 discrepancy between the results reported by SAINT
	 and SAINTwriter.

4/24/02  Added information on Kerberos-enabled OpenSSH
	 buffer overflow (remotely exploitable only in 2.9.9
	 and earlier) to tutorial.

4/25/02  Fixed bug in extreme iPlanet /?wp-html-rend
	 check. (GET was missing.)

4/25/02  Released 3.5.3.

Updated SAINT 3.5.1 --> 3.5.2: Changes described below

4/8/02   Added check for buffer overflows in Sambar web
	 server.

4/8/02   Fixed false alarm in Windows ntpd.

4/8/02   Added check for NetWare Remote Manager.

4/9/02   Added information on newly discovered IRIX
	 snmpd vulnerability to tutorial. No change was
	 needed to the check.

4/11/02  Added check for multiple IIS vulnerabilities
	 (MS02-018).

4/11/02  Released 3.5.2.

Updated SAINT 3.5 --> 3.5.1: Changes described below

3/14/02  Fixed false alarm in Cobalt RaQ unauthorized
	 file read vulnerability.

3/20/02  Added reference to CERT Advisory 2002-08 to
	 Oracle_vulnerabilities.html.

3/20/02  Added information on vulnerability in casting
	 operations in Microsoft Virtual Machine. Tutorial
	 change only, since this is fixed by the existing
	 VM hotfix.

3/20/02  Added check for Windows shell buffer overflow
	 on Windows 2000. (Check was already present for
	 Windows NT 4.0.)

3/21/02  Updated to CVE version 20020309.

3/21/02  Changed starting uid in win_login.saint from 1001
	 to 1000, since 1000 can be significant on Windows
	 2000 systems.

3/22/02  Added check for db.php script in PHPBB2 version 2.0
         that allows execution of arbitrary commands.

3/22/02  Added check for PHProjekt filemanager_forms.php
         script bug that allows execution of arbitrary
         PHP scripts.

3/22/02  Added check for directory.php CGI script bug
         allowing remote execution of commands.

3/22/02  Added check for efingerd.

3/26/02  Added check for article.php vulnerability in
	 PHP-Nuke and PostNuke.

3/26/02  Added check for batch file processing command
	 execution vulnerability in Apache for Windows.

3/26/02  Added information on Windows domain authentication
	 to the FAQ.

3/27/02  Added check for traceroute.pl remote command
	 execution.

3/28/02  Added check for nslookup.pl remote command
	 execution.

3/28/02  Again retired the "Is Your Windows Patched for
	 DoS?" warning. It was supposed to have been removed
	 in 3.5 when the Windows hotfix checks were added.

3/28/02  Added check for vulnerability in csSearch.cgi.

3/28/02  Released 3.5.1.

Updated SAINT 3.4.11 --> 3.5: Changes described below

2/28/02  Fixed some minor problems in open_reg_entry in
	 netbios.pl. These problems don't affect any existing
	 SAINT checks but may have affected future checks.

3/4/02   Added check for Apache mod_ssl.

3/4/02   Added check for arbitrary read access in
	 comment2 sample script, part of ScriptEase:
	 Web Server Edition.

3/5/02   Added check for format string problem in ntop.

3/5/02   Added check for Apache-SSL. This is the same
	 vulnerability which was already added for mod_ssl.

3/6/02   Added check for multiple vulnerabilities in
	 Cobalt RaQ servers.

3/6/02   Added check for multiple vulnerabilities in xtell.

3/7/02   Added information on buffer overflow in webplus.
	 (Tutorial change only. No change required to check.)

3/8/02   Added check for user authentication flaw and
	 denial-of-service vulnerability in Windows 2000
	 SMTP service.

3/8/02   Added check for buffer overflow in OpenSSH.

3/8/02   Added check for two new vulnerabilities in Zope.

3/11/02  Added check for potentially vulnerable RADIUS
	 servers.

3/12/02  Made various modifications to perllib/netbios.pl
	 to get it to work with upcoming checks for
	 Windows updates.

3/12/02  Added check for critical Windows updates, including
	 win2k SP2, post-SP2 security rollup pack 1,
	 nt4 post-SP6a security rollup pack 1, SNMP hotfix,
	 java applet redirect hotfix, and windows shell
	 unchecked buffer.

3/12/02  Added $domain_user variable to saint.cf. Added
	 option for domain admin username and password
	 in Target Selection and on command line (-L).

3/12/02  Fixed false alarm in MS Site Server check. Some
	 NT4 servers erroneously accept LDAP_Anonymous
	 as a null login.

3/13/02  Fixed rules/facts not to false alarm on RADIUS
	 service which runs by default with Windows 2000
	 Authentication service.

3/13/02  Retired the old "Is your Windows patched for DoS?"
	 check, since there is now a check for Windows
	 updates.

3/13/02  Released 3.5.

For previous changes see READMEs/CHANGES-3.4
