Approved by <frueauf>
Changes:
- make it work as binary packages,
- remove useless MESSAGE files,
- add nmap.nasl plugin, not included by default upstream,
- make the installation a bit more sane and easier to configure.
2.2.7:
======
Nessus 2.2.7 contains several fixes for bugs which have been found
during the 3.x developement process and have been backported to this
branch. It also slightly extends the NASL language by adding support for
arrays of arrays. We will use this feature in some key plugins (SMB in
particular) within 6 months, so you should definitely upgrade to 2.2.7
or 3.0.x.
nessus-libraries:
- Fixed a NULL pointer dereferencement in the BPF server (this mostly
affects OpenBSD and FreeBSD < 5)
- The 'service' functions now only deal with the services file provided
- with Nessus (instead of using a mix of /etc/services and others)
libnasl:
- Fixed off-by-one bugs in insstr() and str_replace() which would
sometimes prevent these two functions from properly dealing with the
last character of a string
- Fixed tcp_ping() which was too aggressive and may therefore sometimes
miss a live host
- Fixed a bug in send() which would not properly validate the value of the
'length' variable
- Now handle arrays of arrays
- Fixed open_priv_sock_tcp() which would report a successful connection
when timing out
nessusd:
- Properly install the file 'nessus-services' in $prefix/var/nessus/
- Bigger buffer when receiving preferences from the client (to avoid a
possible truncation of the plugin list in the future)
- Fixed a bug in the preferences parser which would cause nessusd to die
on startup when processing a malformed preference file
nessus client:
- Fixed an unlikely but potential segmentation fault when viewing the
report in the GUI
- Erase the credentials from memory after having used them (thanks to
Sumiut Siddhart for noticing this)
plugins:
- Fixed several bugs in find_services.c which would not properly set the
key Transport/SSL or which may read some data beyond its buffer
- Fixed a bad #if/#endif clause in nessus_tcp_scanner.c which prevented it
from recomputing the RTT, hence negatively impacting the performance
- nmap.nasl has been removed from the main distribution (to use nmap from
within Nessus read http://www.nessus.org/documentation/?doc=nmap-usage)
This also includes changes offered in pr pkg/18734 and pr pkg/20796
submitted by Adrian Portelli. Thanks & Sorry that it took that long to
pick them up.
2.0.6 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Support for the keyword 'default' as a port range in nmap_wrapper.nes
- Fixed a zombie issue in nmap_wrapper.nes
- Fixed various issues which could allow a NASL script to crash the
NASL interpretor
- Improved the process management in find_services.nes
2.0.5 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a rare race condition which may make the scan hang
- Fixed SMB related issues
- Entering "default" as the port range will make nessusd scan the ports
listed in the Nessus services file.
- Even more sigs in find_services.nes
. changes by Julien Bordet (zejames@greyhats.org)
- Added over 3,000 signatures to smtpscan.nasl (thanks to the data
provided by the Nessus team)
2.0.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- fixed the SIGCHLD handler which would not work properly and leave zombies
on the system
- fixed a race condition when testing a great number of hosts which would
cause a testing process to slow down a whole audit or even hang it
totally
- When a great number of host names is passed to nessusd as a target, they
are resolved by chunks of 64 instead of trying to resolve everything then
starting the test
- RedHat 9 support (in spite of their attempt to make their distro incompatible
with everyone else)
. changes by Gabriel L. Somlo <somlo@acns.colostate.edu>
- The nessus can save the reports to stdout and read them from stdin
2.0.3 :
- fixed a compilation error which would prevent find_services from working
properly
2.0.2 :
. changes by Michel Arboi (arboi@alussinan.org)
- NASL port of smtpscan (original Perl program by Julien Bordet)
- Nasty bug made loop stop prematurely on rare cases
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Re-wrote webmirror.nasl from scratch. The new version has a real parser
built-in and is much faster
- Added checks for older Microsoft Advisories
- SMB plugins now use NTMLv1 authentication, ie: they don't send passwords
in clear text over the network any more
- Added new crypto functions, taken from samba, in libnasl/
- Repaired detached scans
- Fixed IP ranges notation (10.1.1-9.1-254 did not work any more)
- Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222,
#220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205
- nessus-update-plugins properly calls chown under FreeBSD, no matter how
many plugins there are
- find_services.nes recognizes even more protocols
. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
- Added NTLMv2 authentication
. changes by Frank Migge (frank.migge@oracle.com)
- nessus-mkcert-client creates the auth/rules file properly
2.0.1 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204)
- Fixed the "pink" graphical report issue
- Added http keep-alive support in the CGI related plugins
- Fixed a bug in the function get_kb_list() which would not always work
properly
- Fixed an issue where in some situations, some HTTP services would not
be tested for flaws if they have not been port-scanned first
- Added new signatures in find_services.nes
. changes by Stephen Friedl (steve@unixwiz.net)
- Fixed bugs and warnings in nessus-libraries
2.0.0 :
. changes by Michel Arboi (arboi@alussinan.org)
- NASL2 : Implement >!< "strings don't match" operator
- NASL2 : fixed a vicious case of freed memory copy.
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Fixed a small bug in the plugin scheduler
- Ported to IRIX
- Several small bugfixes
. changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
- Added nmap_osfingerprint
1.3.4 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Re-written the process manager for the hosts
- Lots of bugfixes in the plugins text store manager
- New port scanner "synscan" which uses the RTT of the packets to do
its job.
- Fixed several small issues in nasl and nessusd (bug fixes, code cleanup)
- Added cryptographic hashing functions in NASL
- Added the function get_kb_list() which returns the content of a KB
without forking the plugin
- Updated the manpages of nessusd and nasl
. changes by Michel Arboi (arboi@alussinan.org)
- Fixed scanner_get_port() when running in standalone mode
- Fixed possible uninitiliazed memory issues in libnasl
- Started to write the NASL2 reference guide (to be found in libnasl/doc/)
1.3.3 :
. changes by Michel Arboi (arboi@alussinan.org)
- Implement bit xor, logical & aithmetic right shift, power
- Fix operator precedence
- Added new NASL functions
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The plugin texts are not loaded in memory any more, thus reducing
the consumption of the nessus daemon of two megs. This also speeds up
the loading of nessusd.
- Fixed a bug in the plugins scheduler (if optimizations were enabled,
the scan would sometime hang)
- Added a new NASL function (int())
- Fixed strings substraction to handle null values properly
- find_services.nes runs in parallel mode, for improved speed
- new plugin (synscan) which should perform well against firewalled
hosts (computes the RTT before the scan)
1.3.2 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with
the latest version of GCC
- Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not
be reset, causing plugins which call bpf_next() to sometimes crash
- Set the timer of bpf_share.c to a much lower value, thus making it work
much better
- Improved tcp_ping()
- Fixed two bugs in the plugins scheduler :
- If the option "enable dependencies at runtime" is set,
it would enable ALL the plugins which are depended on, instead
of only those we use ;
- In some cases, it may terminate too early, thus preventing a scan
from being complete
- DESTDIR support
1.3.1 :
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- Rewrote the plugins scheduler (which determines the order in which
the plugins are to be launched). The new one is much more efficient
but as a result, it is not possible to accurately determine the
order in which the plugins will be ran, so the 'plugin name' in
the client is now totally bogus
- Fixed various issues with NASL scripts so that they work better
with NASL2
- Fixed bugs relative to the creation of icmp and udp packets in nasl
- Fixed some fatal bugs in the bpf sharer
- NASL scripts do not read /dev/urandom any more, and use time() as a
random seed instead. As a result, the loading and execution of nasl
scripts if faster on systems where /dev/urandom can be blocking
- Fixed the tcp NIDS evasion techniques on BSD systems
- Full support for Bugtraq IDs
- The HTML reports add links for URLs, and show the ID number of
the plugin that issues the report.
- Speed up the calls to arg_get_value() by using a hash of the name
being searched for.
- Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi)
. changes by Michel Arboi (arboi@alussinan.org)
- Better handling of the arrays in NASL2
. changes by Erik Anderson (eanders@carmichaelsecurity.com)
- CVE and bugtraq cross references
. changes by Jay (jay@kinetic.org)
- Fixed multiple typos in the plugins
. changes by Javier Fernandez-Sanguino (jfernandez@germinus.com)
- Nessus now ships Hydra 2.2
- Fixed various compilation scritps (see bug#63)
1.3.0 :
. changes by Michel Arboi (arboi@alussinan.org)
- Use our own nessus-services file (re-generated at first start to include
/etc/services and nmap-services)
- Added new families of plugins (ACT_KILL_HOST and ACT_END)
- Rewrote libnasl
. changes by Renaud Deraison (deraison@cvs.nessus.org)
- The 'cancel' button of several file selection dialogs is now working
- Optimized several plugins :
- Web-related checks now use http_recv() instead of recv()
- open_priv_sock_tcp() has a lower timeout
- RPC related checks now use get_rpc_port(), a function equivalent
to libc's getrpcport() but with a much smaller timeout
- Decreased the default value of checks_read_timeout from 15 to 5
- Fixed a bug in the plugin selection GUI which would not refresh
the list of plugins of a given family properly (bug#3)
- Fixed memory leaks in NASL
- Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP
(bug#10)
- Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
- Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
- Helped Michel Arboi to give the last touches to the new libnasl
. changes by Erik Anderson (eanders@pobox.com)
- Added CVE and BID links, added urls and removed dead links from the plugins
. changes by Michel Scheidell (scheidell@secnap.net)
- Improved several SMB-related checks
. changes by Rodolfo Baader (rbaader@activesec.biz)
- Quotes and apostrophes are properly escaped in the XML output report
Besides several new plugins, the following changed since 1.0.6:
. changes by Jordan Hrycaj (jordan at nessus.org) :
- added support for iana port 1241 while 3001 open at the
same time, nin-compat mode (disabling 3001) as sn experimantal
configure option
- nessus-adduser allows to create local users with immediate
key exchange (no passphrase procedure needed)
- nessusd allows to speciphy user logins with netmasks (as with
the public key tags and passwords) in the nessusd.users file
- some options added to nessus, and nessusd
- you can force the compilation/installation of the getopt_long()
function(s) by a configure option
. changes by Renaud Deraison (deraison at nessus.org) :
- http virtual hosts can now be tested
- user-modifiable per-plugin timeout
- detached scans can now be stopped from the client
- fixed issues in detached scan
- implemented plugins_reload() which loads new plugins in memory
- get_host_name() returns the name of host, as entered by the user
(and not a resolve(ip(name_of_host)))
- added the function cgibin() in NASL, which returns the paths
to use to get to the CGIs (default : /cgi-bin)
. changes by Loren Bandiera (lorenb at shelluser.net) :
- XML output improved
. changes by Renaud Deraison (deraison at nessus.org) :
- detached scans can send their result to a given email address (experimental,
see http://www.nessus.org/doc/detached_scan.html)
- diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html)
- probably fixed a bug which would prevent, under rare circumstances, a
scan to finish
- NASL plugins can have no timeout
- minor change in the LaTeX report
- Support for Sun Workshop 5 compiler
- IRIX 6.2 support
- HP/UX 10.20 support
- Fixed a problem in report saving (saving as HTML would produce an XML
file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com)
. changes by Jordan Hrycaj (jordan@mjh.teddy-net.com)
- Fixed a problem in the random number generator
. changes by Renaud Deraison (deraison at nessus.org) :
- added experimental KB saving, to prevent the audit to restart
from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html
for details
- added experimental detached scans.
See http://www.nessus.org/doc/detached_scan.html for details
- bug in the test of DoS attacks fixed (thanks to Christophe Grenier,
Christophe.Grenier@esiea.fr)
- minor changes in nessus-adduser
- scripts that open a UDP socket read the result of a UDP scan first
- when it receives a SIGHUP, nessusd first frees memory. It also closes
and re-opens the nessusd.messages file
- the plugin timeout is now user definable, in nessusd.conf
- 64 bit compatible (nessusd would produce warnings when running
on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team
for having given me access to an IA-64 to compile and try Nessus.
. Changes by Jordan Hrycaj <jordan@mjh.teddy-net.com>
- faster cipher layer
. Other changes :
- a GTK error would sometime be produced when the client is run in
batch mode (Cyril Leclerc <cleclerc at boreal-com.fr>)
What is new in Nessus 1.0.4 :
changes by Christoph Puppe (pluto at defcom-sec.com) :
added "Sort by Port" to the report window.
Reports are sorted first by holes, then by warnings, then by notes.
Previous version only sorted by holes.
changes by Renaud Deraison (renaud at nessus.org) :
ftp related checks : the user can now supply a login/password for the ftp
checks, and relies on the ftp banner if nessusd can't log into
the ftp server (requested by Jens.Oeser at connector.de).
libnessus : ftp_log_in() would sometime fail against some ftp servers
better handling of large reports on the client side
tests are saved on the server side and can be restored. Note that this is
experimental and disabled by default. Do
./configure --enable-save-sessions
to enable this feature, and read doc/session_saving.txt for details.
better handling of targets with multiple web servers running
continue to launch the DoS if the state of the remote host can not be
determined
fixed a bug in smb_login_as_users.nasl, and improved
smb_accessible_shares.nasl
added checks for unpassworded MySQLs and PostgreSQL databases
nessusd uses less memory
changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :
fixed a possible deadlock in the nessusd internal communication
fixed a problem in the client that would make it crash if it received
a malformed message from the server
the client would not detect the death of the server when run in batch
mode
possible header confusion (with regex.h) fixed
possible signal deadlock when exiting fixed
Other changes :
fixed a problem in the function is_cgi_installed() that may sometime
not work against odd clients (Thomas Reinke (reinke at
e-softinc.com))
fixed a bug in snmp_default_communities.nasl (Lionel Cons
(lionel.cons at cern.ch))
fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))
typo in showmount.nasl would prevent it to work over udp (ctor at
krixor.xy.org)
