. changes by Renaud Deraison (deraison at nessus.org) :
- added experimental KB saving, to prevent the audit to restart
from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html
for details
- added experimental detached scans.
See http://www.nessus.org/doc/detached_scan.html for details
- bug in the test of DoS attacks fixed (thanks to Christophe Grenier,
Christophe.Grenier@esiea.fr)
- minor changes in nessus-adduser
- scripts that open a UDP socket read the result of a UDP scan first
- when it receives a SIGHUP, nessusd first frees memory. It also closes
and re-opens the nessusd.messages file
- the plugin timeout is now user definable, in nessusd.conf
- 64 bit compatible (nessusd would produce warnings when running
on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team
for having given me access to an IA-64 to compile and try Nessus.
. Changes by Jordan Hrycaj <jordan@mjh.teddy-net.com>
- faster cipher layer
. Other changes :
- a GTK error would sometime be produced when the client is run in
batch mode (Cyril Leclerc <cleclerc at boreal-com.fr>)
Digest::MD5 will now try to fallback to the pure perl
implementation of Digest::Perl::MD5 if bootstrap fails.
Added a bit internal paranoia about casting the IV
in the Digest::MD5 object to the MD5_CTX* pointer.
xdm-krb4 now has an option, -nostrictkrb4, which allows it to fall back
to non-Kerberos authentication if the KRB4 authentication fails. (Much
wanted by sites with a mix of Kerberos and non-Kerberos users).
Noteworthy changes in version 1.0.3 (2000-09-18)
------------------------------------------------
* Fixed problems with piping to/from other MS-Windows software
* Expiration time of the primary key can be changed again.
* Revoked user IDs are now marked in the output of --list-key
* New options --show-session-key and --override-session-key
to help the British folks to somewhat minimize the danger
of this Orwellian RIP bill.
* New options --merge-only and --try-all-secrets.
* New configuration option --with-egd-socket.
* The --trusted-key option is back after it left us with 0.9.5
* RSA is supported. Key generation does not yet work but will come
soon.
* CAST5 and SHA-1 are now the default algorithms to protect the key
and for symmetric-only encryption. This should solve a couple
of compatibility problems because the old algorithms are optional
according to RFC2440
* Twofish and MDC enhanced encryption is now used. PGP 7 supports
this. Older versions of GnuPG don't support it, so they should be
upgraded to at least 1.0.2
- always use random number from /dev/urandom, instead of random(3).
- OpenSSL dependency is simplified - just use USE_SSL, and assume that
RSA function is there. pkgsrc does not really support intermediate
netbsd-current codebase. per discussion on packages@netbsd.org.
approved by packages@netbsd.org
- disable idea/rc5 in phase 1 by default
- use official DOI # for AES (= rijndael)
- be more careful about parsing variable-length packet content
- have __attribute__((__packed__)), be friendly with align-picky arch
(confirmed to be working on i386, sh3 and alpha)
BROKEN variable. Unfortunately, no ChangeLog is available.
Patch system dependent make goo to use 'SSLBASE', mirroring it's use in
bsd.pkg.mk, rather than obsolete 'PATENTEDOPENSSLSRC'. Also, replace hard-
coded "/usr/pkg", replacing it with ${LOCALBASE}. Finally, set 'LOCALBASE'
and 'SSLBASE' conditionally within the package, for convenience.
changes: lots of stabilization (made during interop tests with bunch of
other implementations), certificate support improvement, security issue fix
(admin tcp port, without authentication, was open previously)
how NetBSD's rc.d interprets script names. Also add REQUIRE and PROVIDE
sections to control scripts so they can be used directly in NetBSD's rc.d
system.
installed packages which are insecure and open to exploitation.
The original idea came from Roland Dowdeswell and Bill Sommerfeld, quite
independently, the unorthodox implementation by me.
This package contains two scripts:
(1) download-vulnerability-list, which downloads a list of vulnerable
packages from the NetBSD ftp server, and
(2) audit-packages, which scans all the packages installed on the
local machine, looking for packages which are vulnerable.
