Besides several new plugins, the following changed since 1.0.6:
. changes by Jordan Hrycaj (jordan at nessus.org) :
- added support for iana port 1241 while 3001 open at the
same time, nin-compat mode (disabling 3001) as sn experimantal
configure option
- nessus-adduser allows to create local users with immediate
key exchange (no passphrase procedure needed)
- nessusd allows to speciphy user logins with netmasks (as with
the public key tags and passwords) in the nessusd.users file
- some options added to nessus, and nessusd
- you can force the compilation/installation of the getopt_long()
function(s) by a configure option
. changes by Renaud Deraison (deraison at nessus.org) :
- http virtual hosts can now be tested
- user-modifiable per-plugin timeout
- detached scans can now be stopped from the client
- fixed issues in detached scan
- implemented plugins_reload() which loads new plugins in memory
- get_host_name() returns the name of host, as entered by the user
(and not a resolve(ip(name_of_host)))
- added the function cgibin() in NASL, which returns the paths
to use to get to the CGIs (default : /cgi-bin)
. changes by Loren Bandiera (lorenb at shelluser.net) :
- XML output improved
. changes by Renaud Deraison (deraison at nessus.org) :
- detached scans can send their result to a given email address (experimental,
see http://www.nessus.org/doc/detached_scan.html)
- diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html)
- probably fixed a bug which would prevent, under rare circumstances, a
scan to finish
- NASL plugins can have no timeout
- minor change in the LaTeX report
- Support for Sun Workshop 5 compiler
- IRIX 6.2 support
- HP/UX 10.20 support
- Fixed a problem in report saving (saving as HTML would produce an XML
file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com)
. changes by Jordan Hrycaj (jordan@mjh.teddy-net.com)
- Fixed a problem in the random number generator
. changes by Renaud Deraison (deraison at nessus.org) :
- added experimental KB saving, to prevent the audit to restart
from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html
for details
- added experimental detached scans.
See http://www.nessus.org/doc/detached_scan.html for details
- bug in the test of DoS attacks fixed (thanks to Christophe Grenier,
Christophe.Grenier@esiea.fr)
- minor changes in nessus-adduser
- scripts that open a UDP socket read the result of a UDP scan first
- when it receives a SIGHUP, nessusd first frees memory. It also closes
and re-opens the nessusd.messages file
- the plugin timeout is now user definable, in nessusd.conf
- 64 bit compatible (nessusd would produce warnings when running
on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team
for having given me access to an IA-64 to compile and try Nessus.
. Changes by Jordan Hrycaj <jordan@mjh.teddy-net.com>
- faster cipher layer
. Other changes :
- a GTK error would sometime be produced when the client is run in
batch mode (Cyril Leclerc <cleclerc at boreal-com.fr>)
What is new in Nessus 1.0.4 :
changes by Christoph Puppe (pluto at defcom-sec.com) :
added "Sort by Port" to the report window.
Reports are sorted first by holes, then by warnings, then by notes.
Previous version only sorted by holes.
changes by Renaud Deraison (renaud at nessus.org) :
ftp related checks : the user can now supply a login/password for the ftp
checks, and relies on the ftp banner if nessusd can't log into
the ftp server (requested by Jens.Oeser at connector.de).
libnessus : ftp_log_in() would sometime fail against some ftp servers
better handling of large reports on the client side
tests are saved on the server side and can be restored. Note that this is
experimental and disabled by default. Do
./configure --enable-save-sessions
to enable this feature, and read doc/session_saving.txt for details.
better handling of targets with multiple web servers running
continue to launch the DoS if the state of the remote host can not be
determined
fixed a bug in smb_login_as_users.nasl, and improved
smb_accessible_shares.nasl
added checks for unpassworded MySQLs and PostgreSQL databases
nessusd uses less memory
changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :
fixed a possible deadlock in the nessusd internal communication
fixed a problem in the client that would make it crash if it received
a malformed message from the server
the client would not detect the death of the server when run in batch
mode
possible header confusion (with regex.h) fixed
possible signal deadlock when exiting fixed
Other changes :
fixed a problem in the function is_cgi_installed() that may sometime
not work against odd clients (Thomas Reinke (reinke at
e-softinc.com))
fixed a bug in snmp_default_communities.nasl (Lionel Cons
(lionel.cons at cern.ch))
fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))
typo in showmount.nasl would prevent it to work over udp (ctor at
krixor.xy.org)
