ChangeLog for nessus-core, nessus-libraries, nessus-plugins, libnasl $Id$ 2.0.9 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - The bpf sharing system now works fine on BSD systems, so Nessus now only requires one /dev/bpf to work correctly, no matter how many hosts are being tested - Minor bug fixes - A bug in tcp_ping() would make some probes have a source port set to 0 . changes by Michel Arboi (arboi@alussinan.org) - Added functions in libnasl (join_multicast_group(), unixtime(), and more...) - All SSL operations now use non-blocking sockets instead of the alarm() trick to handle timeouts . Changes by Pavel Kankovky - Minimize the number of pixmaps that need to be created in the Nessus client by re-using them 2.0.8 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Improved plugins dependencies - Improved some plugins performances - Better default values for nessusd.conf - Fixed insert_ip_options() which was broken - Fixed a bottleneck in the plugins process manager which would sometimes not properly distribute the work among the plugins, thus resulting in a slower test - Added the function script_xref() in NASL scripts - Multiple minor bugfixes - When connecting to SSL servers, Nessus now attempts to use SSLv2 by default (instead of TLSv1), as the handshake takes less time - Do not use the libc's regexp implementation on RedHat 9 (might be broken) 2.0.7 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed bad performances issues when pinging dead hosts - Fixed a bug which would prevent to store items larger than 2kb in the KB - NFS and SMB file-related functions completed (open, read and cwd are implemented) - Plugins support for Windows 2003 - Network IPs can now be evenly sliced instead of being scanned sequentially - User-definable source-IP(s) for the checks (nessusd -S) - Fixed a possible message corruption problem if a plugin was to send a too long message back to nessusd - Fixed a possible plugin corruption problem when the client overwrites existing plugins - Fixed various false positives and wording issues in several plugins . changes by Michel Arboi (arboi@alussinan.org) - Fixed Nmap support for the newest version of Nmap 2.0.6 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Support for the keyword 'default' as a port range in nmap_wrapper.nes - Fixed a zombie issue in nmap_wrapper.nes - Fixed various issues which could allow a NASL script to crash the NASL interpretor - Improved the process management in find_services.nes 2.0.5 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a rare race condition which may make the scan hang - Fixed SMB related issues - Entering "default" as the port range will make nessusd scan the ports listed in the Nessus services file. - Even more sigs in find_services.nes . changes by Julien Bordet (zejames@greyhats.org) - Added over 3,000 signatures to smtpscan.nasl (thanks to the data provided by the Nessus team) 2.0.4 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - fixed the SIGCHLD handler which would not work properly and leave zombies on the system - fixed a race condition when testing a great number of hosts which would cause a testing process to slow down a whole audit or even hang it totally - When a great number of host names is passed to nessusd as a target, they are resolved by chunks of 64 instead of trying to resolve everything then starting the test - RedHat 9 support (in spite of their attempt to make their distro incompatible with everyone else) . changes by Gabriel L. Somlo - The nessus can save the reports to stdout and read them from stdin 2.0.3 : - fixed a compilation error which would prevent find_services from working properly 2.0.2 : . changes by Michel Arboi (arboi@alussinan.org) - NASL port of smtpscan (original Perl program by Julien Bordet) - Nasty bug made loop stop prematurely on rare cases . changes by Renaud Deraison (deraison@cvs.nessus.org) - Re-wrote webmirror.nasl from scratch. The new version has a real parser built-in and is much faster - Added checks for older Microsoft Advisories - SMB plugins now use NTMLv1 authentication, ie: they don't send passwords in clear text over the network any more - Added new crypto functions, taken from samba, in libnasl/ - Repaired detached scans - Fixed IP ranges notation (10.1.1-9.1-254 did not work any more) - Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222, #220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205 - nessus-update-plugins properly calls chown under FreeBSD, no matter how many plugins there are - find_services.nes recognizes even more protocols . changes by Xueyong Zhi - Added NTLMv2 authentication . changes by Frank Migge (frank.migge@oracle.com) - nessus-mkcert-client creates the auth/rules file properly 2.0.1 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204) - Fixed the "pink" graphical report issue - Added http keep-alive support in the CGI related plugins - Fixed a bug in the function get_kb_list() which would not always work properly - Fixed an issue where in some situations, some HTTP services would not be tested for flaws if they have not been port-scanned first - Added new signatures in find_services.nes . changes by Stephen Friedl (steve@unixwiz.net) - Fixed bugs and warnings in nessus-libraries 2.0.0 : . changes by Michel Arboi (arboi@alussinan.org) - NASL2 : Implement >!< "strings don't match" operator - NASL2 : fixed a vicious case of freed memory copy. . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a small bug in the plugin scheduler - Ported to IRIX - Several small bugfixes . changes by Xueyong Zhi - Added nmap_osfingerprint 1.3.4 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Re-written the process manager for the hosts - Lots of bugfixes in the plugins text store manager - New port scanner "synscan" which uses the RTT of the packets to do its job. - Fixed several small issues in nasl and nessusd (bug fixes, code cleanup) - Added cryptographic hashing functions in NASL - Added the function get_kb_list() which returns the content of a KB without forking the plugin - Updated the manpages of nessusd and nasl . changes by Michel Arboi (arboi@alussinan.org) - Fixed scanner_get_port() when running in standalone mode - Fixed possible uninitiliazed memory issues in libnasl - Started to write the NASL2 reference guide (to be found in libnasl/doc/) 1.3.3 : . changes by Michel Arboi (arboi@alussinan.org) - Implement bit xor, logical & aithmetic right shift, power - Fix operator precedence - Added new NASL functions . changes by Renaud Deraison (deraison@cvs.nessus.org) - The plugin texts are not loaded in memory any more, thus reducing the consumption of the nessus daemon of two megs. This also speeds up the loading of nessusd. - Fixed a bug in the plugins scheduler (if optimizations were enabled, the scan would sometime hang) - Added a new NASL function (int()) - Fixed strings substraction to handle null values properly - find_services.nes runs in parallel mode, for improved speed - new plugin (synscan) which should perform well against firewalled hosts (computes the RTT before the scan) 1.3.2 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with the latest version of GCC - Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not be reset, causing plugins which call bpf_next() to sometimes crash - Set the timer of bpf_share.c to a much lower value, thus making it work much better - Improved tcp_ping() - Fixed two bugs in the plugins scheduler : - If the option "enable dependencies at runtime" is set, it would enable ALL the plugins which are depended on, instead of only those we use ; - In some cases, it may terminate too early, thus preventing a scan from being complete - DESTDIR support 1.3.1 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Rewrote the plugins scheduler (which determines the order in which the plugins are to be launched). The new one is much more efficient but as a result, it is not possible to accurately determine the order in which the plugins will be ran, so the 'plugin name' in the client is now totally bogus - Fixed various issues with NASL scripts so that they work better with NASL2 - Fixed bugs relative to the creation of icmp and udp packets in nasl - Fixed some fatal bugs in the bpf sharer - NASL scripts do not read /dev/urandom any more, and use time() as a random seed instead. As a result, the loading and execution of nasl scripts if faster on systems where /dev/urandom can be blocking - Fixed the tcp NIDS evasion techniques on BSD systems - Full support for Bugtraq IDs - The HTML reports add links for URLs, and show the ID number of the plugin that issues the report. - Speed up the calls to arg_get_value() by using a hash of the name being searched for. - Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi) . changes by Michel Arboi (arboi@alussinan.org) - Better handling of the arrays in NASL2 . changes by Erik Anderson (eanders@carmichaelsecurity.com) - CVE and bugtraq cross references . changes by Jay (jay@kinetic.org) - Fixed multiple typos in the plugins . changes by Javier Fernandez-Sanguino (jfernandez@germinus.com) - Nessus now ships Hydra 2.2 - Fixed various compilation scritps (see bug#63) 1.3.0 : . changes by Michel Arboi (arboi@alussinan.org) - Use our own nessus-services file (re-generated at first start to include /etc/services and nmap-services) - Added new families of plugins (ACT_KILL_HOST and ACT_END) - Rewrote libnasl . changes by Renaud Deraison (deraison@cvs.nessus.org) - The 'cancel' button of several file selection dialogs is now working - Optimized several plugins : - Web-related checks now use http_recv() instead of recv() - open_priv_sock_tcp() has a lower timeout - RPC related checks now use get_rpc_port(), a function equivalent to libc's getrpcport() but with a much smaller timeout - Decreased the default value of checks_read_timeout from 15 to 5 - Fixed a bug in the plugin selection GUI which would not refresh the list of plugins of a given family properly (bug#3) - Fixed memory leaks in NASL - Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP (bug#10) - Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11) - Nessus now accepts nmap's U: and T: notation for the port range (bug#5) - Helped Michel Arboi to give the last touches to the new libnasl . changes by Erik Anderson (eanders@pobox.com) - Added CVE and BID links, added urls and removed dead links from the plugins . changes by Michel Scheidell (scheidell@secnap.net) - Improved several SMB-related checks . changes by Rodolfo Baader (rbaader@activesec.biz) - Quotes and apostrophes are properly escaped in the XML output report 1.2.6 : . changes by Michael Slifcak (Michael.Slifcak@guardent.com) - Added Bugtraq cross reference in the plugins - Added support for BID in nessusd (this has yet to be done on the client side) . changes by Axel Nennker (Axel.Nennker@t-systems.com) - fixed the xml and html outputs - fixed array issues in a couple of plugins . changes by Michel Arboi (arboi@alussinan.org) - find_service now detects services protected by TCP wrappers or ACL - find_service detects gnuserv - ptyexecvp() replaced by nessus_popen() (*) . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a bug which may make nasl interpret backquoted strings (\n and \r) received from the network (problem noted by Pavel Kankovsky) - nmap_wrapper.nes calls _exit() instead of exit() (*) - Solved the lack of bpf's on Free/Open/NetBSD and MacOSX by sharing _one_ among all the Nessus processes. As a result, Nessus's ping is much more effective on these platforms - bugfix in plug_set_key() which would eventually make some scripts take too long when writing in the KB - Plugins of family ACT_SETTINGS are run *after* plugins of family ACT_SCANNERS - replaced the implementation of md5 which was used when OpenSSL is disabled by the one from RSA (the old one would not work on a big-endian host) - Fixed plugins build issues on MacOS X - The nessus client compiles and links against GTK+-2.0. Of course, it will be horrible and instable, as the GTK team does not care about backward compatibility (*) These two modifications solve the problems of nmap hanging under FreeBSD 1.2.5 : . changes by Michel Arboi (arboi@alussinan.org) - find_service now displays unknown services that run on assigned ports - read_stream_connection smarter (smaller timeout) - find_service sometimes declared IDENT as "unknown" . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a deadlock that would prevent some plugins from completing - Fixed a possible (although rare) corruption issue in the reports (the script IDs could under some circumstances be random) - Fixed a potential segfault in the execution of nasl scripts 1.2.4 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - Reverted back to autoconf 2.13. - Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances, data might have be lost in the reports - Fixed a bug in several plugins for web checks (under some circumstances, a plugin would do N x N checks against the remote web servers (where N equals to the number of web servers running on the remote host) 1.2.3 : . changes by Isaac Dawson (idawson@securitymanagementpartners.com) - New html output layout. . changes by Pasi Eronen (pasi.eronen@nixu.com) - fix in nmap_wrapper . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed a bug which could make, under some circumstances, make nessusd crash the host it is running on. - If the option log_whole_attack is set to "no", then only the begining and the end of the attack is logged (and not the time each plugin takes) - Improved no404.nasl to further reduce false positives - Bug fix in nessusd - under some rare circumstances, report data could be lost (if many many plugins were enabled at the same time and were sending data at the same time). - UDP packets are resent while we wait for a reply (avoids to loose packets en route) - Fixed the option "auto_enable_dependencies" which would not always work - Sending a SIGTERM to the nessus client during a command line scan forces it to save its result to the current test file - Non-printables characters are not shown in the report any more 1.2.2 : . changes by Renaud Deraison (deraison@cvs.nessus.org) - In the GUI, while running a scan, plugins names are only updated once in a while (saves CPU) - Bugfix in the client : some host names would make the client crash - Repaired the '-P' switch in the client 1.2.1 : . changes by Simon Law (sfllaw@engmail.uwaterloo.ca) - Made a manpage for nessus-mkcert-client(1) and have it installed by the Makefile - Revised most other manpages for missing information and to increase clarity . changes by Renaud Deraison (deraison@cvs.nessus.org) - Fixed the -i switch of nessus-update-plugins - Fixed a bug in the server which would, in some circumstances, not make it announce the proper order of the plugins being run - More CVE cross references - get_host_name() always return a FQDN - User-configurable third party domain for SMTP relay checks - Repaired hydra.nes - Fixed MacOS X specific problems (dlcompat vs NSCreateObjectFileImageFromFile) - Plugins dependencies appear in the GUI - Fixed nessus-mkcert so that long email addresses are accepted - Re-generated the 'configure' scripts with autconf 2.53 . changes by Michael Scheidell (scheidell@fdma.com) - Added some bound checkings in some SMB plugins to reduce noise in nessusd.messages . changes by Michel Arboi (arboi@alussinan.org) - ping_host.nasl pings on multiple ports 1.1.15/1.2.0 : . changes by Nicolas Dubee (ndubee@secway.com) : - Better support for AF_UNIX sockets . changes by Brian (bmc@snort.org) : - CVE references - several bugfixes in the plugins . changes by Peter Gründl (pgrundl@kpmg.dk) and Carsten Joergensen (carstenjoergensen@kpmg.dk) : - Extensive review of the plugins and therefore numerous fixes . changes by Axel Nennker (Axel.Nennker@t-systems.com) - FD leak in save_kb.c fixed . changes by Renaud Deraison (deraison at nessus.org) - It is now possible to upload files to the server when using the command line client - lrand48() portability problems worked around - fixed a bug in the report window that would make it crash randomly 1.1.14 : . changes by Renaud Deraison (deraison at nessus.org) - SMB fixes (thanks to Michael Scheidell) - When the safe checks option is enabled, dangerous tests with no alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and ACT_DENIAL) are disabled - Hosts can be designated by their MAC address of instead of their IP address (mostly useful for DHCP networks) - Fixed a bug in the report generation which would replace newlines (\n) by semi-columns (;) - Fixed a bug in the export of some types of reports, where open ports with no data associated would not be saved - Integrated THC's Hydra as a Nessus plugin - Added new NT security checks (related to user management) - Plugins of type ACT_SETTINGS can not be disabled - Fixed a bug which would make nessusd hang when a scanner was reporting too many open ports (as when a UDP scan reports all UDP ports as being open) . changes by Dion Stempfley (dion at riptech.com) - The client can now filter on category . changes by Axel Nennker (Axel.Nennker@t-systems.com) - Fixed some plugins causing error messages in some circumstances (dns_xfer.nasl, snmp_processes.nasl...) - Stylish changes to prevent gcc -Wall from whining in some files - XML NG output is now XML compliant - Bug fixes . changes by Jenni Scott (jenni.scott@guardent.com) and Michael Slifcak (michael.slifcak@guardent.com) : - Improved the reporting of the plugins (better consistency, better wording) 1.1.13 : . changes by Michel Arboi (arboi@alussinan.org) - New family ACT_SETTINGS dedicated to plugins which just let the user enter some preferences - Optional NIDS evasion techniques (url encoding, tcp slicing) . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug in the command line client which would make it ignore some preferences - SMB checks can now log into a Windows domain - NIDS evasion techniques (data injection, short ttl) - Fixed a bug which would randomly stall the scan 1.1.12 : . changes by Renaud Deraison (deraison at nessus.org) - Workarounds on FreeBSD to prevent a kernel panic (thanks to Michael Scheidell and Stefan Esser) - nessus can export reports as other file formats again 1.1.11 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug regarding the saving of reports from the GUI - Improved the backend in many ways (speed-wise, content-wise) - Changes in the protocol - More messages are sent between the server and the client (timestamps, plugins version, ...) - New .nbe file format, which looks like .nsr but has more information in it - Plugins now have versions numbers. - The user can upload his plugins to the nessusd server from the client - It is now possible to upload files to the server (ie: nmap's results) in command-line mode - Fixed false positives in SNMP plugins when launched against a non-configured Solaris snmpd . changes by Guillaume Valadon (guillaume at valadon.net) - New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch]) 1.1.10 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from aborting an on-going test - Fixed a bug in the client which would prevent the user from setting a port range longer than 255 chars - Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible. - Fixed a bug in the command line client which would make it close the communication too early when the client - server communication is not ciphered - Added an "auto-load dependencies at runtime" option 1.1.9 : . changes by Renaud Deraison (deraison at nessus.org) - Fix in the GUI, when closing a saved report - Fixed a bug in ftp_log_in() which would prevent nasl script from logging into some FTP servers - Solaris build problems fixed - Darwin 1.4.1 build problems fixed - MkLinux DR3 build problems fixed (is anyone using it anymore ?) - GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though) - Fixed the "wrong call to getopt" problem which would make Nessus segfault when built with cygwin, and which would prevent options from working under Solaris & FreeBSD (thanks to Udo Schweigert) - SMB checks speedup (thanks to Georges Dagousset's suggestion) - Fixed a bug in the client - server communication that would make the server close the communication when the client is idle - Better support for AF_UNIX socket for client-server communication (compile nessus-core with ./configure --enable-unix-socket) - Plugins are disabled by default in batch mode . changes by Michel Arboi (arboi@alussinan.org) - Client now properly checks the certificate of the server . changes by Benoit Brodard (bbrodard at arkoon.net) - fixed bugs in nasl/tcp.c (checksum, handling of unsigned int) 1.1.8 : . changes by Renaud Deraison (deraison at nessus.org) - Workaround for systems with a low number of bpfs (OpenBSD, Darwin) - Added some length checks for SMB checks - No more zombies - Fixed accounts.nes - Fixed the reporting of the client (reports would be mixed) - Client removes tempfiles when exiting - Repaired ptyexecvp() which would not work on Solaris - Slight bugfix in the NASL interpretor . changes by Georges Dagousset (georges at alert4web.com) - More optimizations - Properly reloads KBs with the same value defined more than once - Fixes in some plugins dependencies . changes by Michael Slifcak - More nmap options - Quiet mode in nessus-adduser 1.1.7 : . changes by Renaud Deraison (deraison at nessus.org) - Compiles on platforms without OpenSSL - Better Solaris support - Ported under Darwin (many thanks to Dieter Fiebelkorn (dieter at fiebelkorn.net) who actually started the port and helped me test this) - Unscanned ports can now be considered as closed or open (instead of just open), at user choice - Upgraded to libtool 1.4.2 - fixed a bug in the client which would make it display the wrong report when doing multiple scans - enhanced the plugins filter (that appear when pressing 'l' in the GUI) - fixed a serious problem in the SMB plugins which would prevent them to work against Samba and which would make them slow against Windows (pointed out by Georges Dagousset) . changes by Iouri Pletnev (Iouri.Pletnec at xacta.com) - Ported under Cygwin . changes by Michel Arboi (arboi@alussinan.org) - Added nessus-mkrand for hosts with no /dev/random AND no EGD running 1.1.6 : . changes by Renaud Deraison (deraison at nessus.org) - EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket in nessus-libraries) - KB items are now stored with individual dates instead of a global date for the whole KB file. Yes, this means you have to delete your old KB files - When an host could not be pinged, his KB is not altered (nor created) - fixed memory leaks in nessusd - nessus-mkcert checks that the certificates were really created before congratulating the user - fixed a security problem where anybody with a shell on the nessusd host could log in 1.1.5 : . changes by Georges Dagousset (georges.dagousset at alert4web.com) : - new KB entries for further "optimizations" - improved find_services.nes . changes by Renaud Deraison (deraison at nessus.org) : - cleaned up the KB - added doc/kb_entries.txt - bugfix in find_services regarding the pem password - new reporting GUI - fixed a problem which would leave some plugin run against a host considered as dead - the KB are now stored with properly escaped \n and \r chars - greatly improved tcp_ping.nasl (and tcp_ping() in libnasl) . changes by Michel Arboi (arboi@alussinan.org) : - replaced PEKS by OpenSSL in the client/server communication . changes by H D Moore (hdm@secureaustin.com) - fixed no404.nasl 1.1.4 : . changes by Renaud Deraison (deraison at nessus.org) : - fixed find_services.nes - plugins that are slow to finish are _really_ killed by the server - the client better handles the scan of big networks - nmap_wrapper now updates its progress bar - nessus-update-plugins support proxies (with or without authentication) - monitor_backend.c and data_mining.c allow any developer to plug a database behind the client (by default flatfiles are used) - bug fixed in nmap_wrapper which would make it kill its parent process randomly - minor fix in the tcp_ping() function of NASL (ack would be set to non-zero for a syn packet) - fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes . changes by Michel Arboi (arboi@alussinan.org) : - find_services accepts password-protected .pem files - patches in the way files were transmitted between the client and the server (which could end up in a deadlock) . changes by Alexis de Bernis ) - nessusd and nessus : error at loading time when the peks library was compiled with a special ./configure flag (thanks to Bradley M Alexander ) - nessusd and nessus : can be compiled with the --disable-cipher flags - plugins : ftp_overflow.nasl : fixed a false positive pointed out by Jean-Paul Le Fevre - plugins : a dozen of new plugins have been added (piranha, uw imap overflow, Ken!, htimage.exe, lcdproc overflow, real server DoS, and more...) - nasl : added open_priv_sock_{udp,tcp} to open a socket with a priviledged port 1.0.0pre2 : - nessusd : stop the current plugin when the user hits 'stop' - nessusd : the rules now accept the keyword 'client_ip' (suggested by Hermann Himmelbauer ) - nessusd : logs the name of the plugins that are loaded (suggested by Matthias Andree ) - nessus : the 'reverse lookup' option now works - nessus : typo would prevent to compile nessus with gtk 1.0 (thanks to mike for pointing this out) - nessus : changed the .nsr file format to something more easily parseable which contains the ID of the plugins which generate security warnings or holes - nessus : error dialog makes more sense when nessusd is killed in the middle of a test (pointed out by Matthias Andree ) - nessus : fixed a segmentation fault that could occur during the login (Stefan Rapp s.rapp@hrz.uni-dortmund.de) - nessus : the user now has the ability to select all the plugins except the dangerous ones - nessus : fixed the busy waiting loop in the password dialog. For real this time. Thanks to Matthias Andree for pointing this out again. - nessus : other cosmetics things have been fixed - nasl : now supports user-defined functions (see the documentation for more details) - plugins : ssh_insertion.nasl : fixed a typo which would cause the plugin to yell when the user was using OpenSSH 1.2.2 (which is immune to this problem). Thanks to R. Pickett for pointing this out - plugins : lot of new security checks (thanks to Roelof Temmingh for pointing out some missing IIS checks) - all : version check at startup, as suggested by Scott Adkins 1.0.0pre1 : - nessus-adduser : utility to add easily a nessusd user - nessus : remembers the username - nessus : warns the user that the host key has been saved - nessus : fixed a busy waiting in the passphrase requester (thanks to Matthias Andree for pointing this out) - nessus : fixed a segmentation fault that would occur when the user close the test window during a test - nessus : saves the preferences of each plugin - nessusd : fixed a problem in the rules which ended up being too restrictive - nessusd : killall -1 nessusd now works - plugins : nmap_wrapper.nes : compatible with the new output of nmap - traditional netmasks (255.255.255.0) are now accepted - will not scan broadcast addresses (ie: 192.168.1.1/255.255.255.0 will scan from 192.168.1.1 to 192.168.1.254) - Compatible with FreeBSD 4 0.99.10 : - nessus : polished the GUI - nessus : GTK 1.0 compatible (Eduardo Urrea ) - nessusd : fixed a problem which could make the client see what was happening a few seconds later the event happened. (this was occuring when doing few tests against a great number of hosts) - nessusd.conf goes back to ${sysconfdir}/nessus/ (and not ${sysconfdir}/) - nessusd CPU usage : dropped from 100% to much fewer [thanks to Ryan Mooney who pointed this out] - nessus and nessusd : the target file may have an unlimited size (it was cut down to 2047 bytes in the past) [many thanks to Boris Wesslowski for pointing this out] - nasl : fixed a bug in recv() which would make nasl crash when reading data from a non-socket - nasl : close the sockets opened by a script in nasl_exit() - nasl : fixed a bug in egrep() - nasl : init_telnet() behaves well against a tcp-wrapped telnet - plugins : nmap_wrapper : ability to use nmap's ping. 0.99.9 : - nasl : added support for \xNN translation (Sebastian Andersson ) - nasl : cleaner compilation process - nessusd : removed warnings during compilation - nessusd : fixed a possible segmentation fault / logfile corruption that could occur when the user was manually stopping a test - nessusd : fixed typos that would prevent the compilation without the cipher layer - libnessus : timeout in recv_line() - nessus : fixed a dumb segmentation fault in the client when all the plugins are activated - nessus : disable all / enable all buttons - nessus : nicer xpms for error and warnings dialogs - nessus : fixed a bug that could make the client crash during plugin selection - plugins : read_accounts : fixed a problem that would disable this plugin - plugins : read_accounts : better handling of BSD telnet - plugins : queso : fixed a problem which would disable this plugin - plugins : stacheldraht : fixed a typo - plugins : added acc.nasl, netscape_wp_bug.nasl - added nasl_version() and nessuslib_version(), as suggested by Scott Adkins - nessus-core : better support for sysconfdir Keith Amidon (camalot@picnicpark.org) 0.99.8 : - OpenBSD portability - HP/UX shl_* support - re-attributed the plugins category, thanks to the lists made by Jeff Odegard who divided the plugins into three categories : begnign, intrusive and potentially destructive - the client disable all the potentially destructive plugins if they are not in ~/.nessusrc, and puts a warning sign in front of them - plugins have been attributed a unique ID - plugins are CVE compatible - NASL now supports regular expressions through the ereg() function. The syntax of the regexps is egrep-style, that I personnaly like. - several bugfixes - several new plugins - 'nasl' is a standalone NASL interpretor that can be used to debug Nessus scripts and/or write independants ones. - the nasl guide has been updated and comes with libnasl/ 0.99.7 : - fixed a 'file descriptor bomb' which would prevent nessusd to test big networks - fixed a problem in nessusd which would make it slow down then crawl when it was testing big networks 0.99.6 : - many segmentation faults corrected - fixed a problem in the client <-> server communication which would make the server "forget" to send some data to the client 0.99.5 : - New HTML export with pies and graphs - Handles the HTTP redirects (thanks to Andreas J. Koenig for requesting it) - behaves well when the same service is detected more than once on the target side. Ie: if the target is running 2 web servers, then all the security checks will be performed on both - Nicer client GUI - Communication between the client and the server's children done in a cleaner way - Corrected a bug in the client that would prevent it to work when not compiled with the cipher layer - Added a inetd friendly option - The quiet mode of the client will produce HTML, LaTeX, text or .nsr files regarding the file suffix given as argument - ASCII text output - report can be saved to stdout - kept-alive connection between the client and the server (no need to log in again between two tests) 0.99.4 : - Speedup - Several segmentation faults fixed - The user can now select the timeout value of the security checks read() function - The client can specify an alternate configuration file - Client : fixed problems regarding when to use the GUI Previous versions : - Corrected a problem regarding the list of checks selected by the user - ${prefix}/var/nessus is created - Corrected a typo in the code that would generate the preferences file - Changed the behaviour of the nessus client, when it is started in the background and a pass phrase is wanted as input. If available, the client terminates while complaining to the stderr. - Added long options to the nessus client; as a side effect, the command line version works under windows, too - OpenBSD portability issues - Fixed the process tracker on cipher layer to meet the io thread table overflow - Updated the process mgmnt, provided a general pty interface for subprocesses like nmap - Reduced memory consumption by 50% - Nessus can now use nmap(1). Thanks to Phil Brutsche who helped me to figure out how to do this. - Configuration files now installed in ${prefix}/etc/nessus/ - Man pages for nasl-config, nessus-config, nessus-build, as well as patches to problems that may occur during the installation by Josip Rodin - More efficient way to determine whether a DoS was successful or not. Thanks to Michel Arboi for the suggestion (does not work well yet) - The communication errors : 'out of threads already' and 'no cookie for received packets' have been fixed. - All the newest security tests