ChangeLog for nessus-core, nessus-libraries, nessus-plugins, libnasl
$Id: CHANGES,v 1.304 2003/06/30 19:16:29 renaud Exp $

2.0.7 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed bad performance issues when pinging dead hosts
   - Fixed a bug which would prevent storing items larger than 2kb in the KB
   - NFS and SMB file-related functions completed (open, read and cwd are implemented)
   - Plugins support for Windows 2003
   - Network IPs can now be evenly sliced instead of being scanned sequentially
   - User-definable source IP(s) for the checks (nessusd -S)
   - Fixed a possible message corruption problem if a plugin sent back a message to nessusd that was too long
   - Fixed a possible plugin corruption problem when the client overwrites existing plugins
   - Fixed various false positives and wording issues in several plugins

2.0.6 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Support for the keyword 'default' as a port range in nmap_wrapper.nes
   - Fixed a zombie issue in nmap_wrapper.nes
   - Fixed various issues which could allow a NASL script to crash the NASL interpreter
   - Improved the process management in find_services.nes

2.0.5 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed a rare race condition which could make the scan hang
   - Fixed SMB-related issues
   - Entering "default" as the port range will make nessusd scan the ports listed in the Nessus services file
   - Even more signatures in find_services.nes
 . changes by Julien Bordet (zejames@greyhats.org)
   - Added over 3,000 signatures to smtpscan.nasl (thanks to the data provided by the Nessus team)

2.0.4 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed the SIGCHLD handler which would not work properly and leave zombies on the system
   - Fixed a race condition when testing a great number of hosts which would cause a testing process to slow down a whole audit or even hang it totally
   - When a great number of host names is passed to nessusd as a target, they are resolved in chunks of 64 instead of trying to resolve everything before starting the test
   - RedHat 9 support (in spite of their attempt to make their distro incompatible with everyone else)
 . changes by Gabriel L. Somlo <somlo@acns.colostate.edu>
   - The nessus client can save reports to stdout and read them from stdin

2.0.3 :
   - Fixed a compilation error which would prevent find_services from working properly

2.0.2 :
 . changes by Michel Arboi (arboi@alussinan.org)
   - NASL port of smtpscan (original Perl program by Julien Bordet)
   - Nasty bug made loops stop prematurely in rare cases
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Re-wrote webmirror.nasl from scratch. The new version has a real parser built in and is much faster
   - Added checks for older Microsoft Advisories
   - SMB plugins now use NTLMv1 authentication, i.e. they don't send passwords in clear text over the network any more
   - Added new crypto functions, taken from Samba, in libnasl/
   - Repaired detached scans
   - Fixed IP range notation (10.1.1-9.1-254 did not work any more)
   - Minor bug fixes and enhancements : #234, #233, #230, #229, #228, #225, #222, #220, #218, #217, #216, #215, #213, #212, #211, #207, #206, #205
   - nessus-update-plugins properly calls chown under FreeBSD, no matter how many plugins there are
   - find_services.nes recognizes even more protocols
 . changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
   - Added NTLMv2 authentication
 . changes by Frank Migge (frank.migge@oracle.com)
   - nessus-mkcert-client creates the auth/rules file properly

2.0.1 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Minor bugfixes (bugs #180, #183, #185, #188, #189, #195, #197, #202, #203, #204)
   - Fixed the "pink" graphical report issue
   - Added HTTP keep-alive support in the CGI-related plugins
   - Fixed a bug in the function get_kb_list() which would not always work properly
   - Fixed an issue where, in some situations, some HTTP services would not be tested for flaws if they had not been port-scanned first
   - Added new signatures in find_services.nes
 . changes by Stephen Friedl (steve@unixwiz.net)
   - Fixed bugs and warnings in nessus-libraries

2.0.0 :
 . changes by Michel Arboi (arboi@alussinan.org)
   - NASL2 : implemented the >!< "strings don't match" operator
   - NASL2 : fixed a vicious case of freed memory being copied
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed a small bug in the plugin scheduler
   - Ported to IRIX
   - Several small bugfixes
 . changes by Xueyong Zhi <zhi@mail.eecis.udel.edu>
   - Added nmap_osfingerprint

1.3.4 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Re-wrote the process manager for the hosts
   - Lots of bugfixes in the plugins text store manager
   - New port scanner "synscan" which uses the RTT of the packets to do its job
   - Fixed several small issues in nasl and nessusd (bug fixes, code cleanup)
   - Added cryptographic hashing functions in NASL
   - Added the function get_kb_list() which returns the content of a KB without forking the plugin
   - Updated the manpages of nessusd and nasl
 . changes by Michel Arboi (arboi@alussinan.org)
   - Fixed scanner_get_port() when running in standalone mode
   - Fixed possible uninitialized memory issues in libnasl
   - Started to write the NASL2 reference guide (to be found in libnasl/doc/)

1.3.3 :
 . changes by Michel Arboi (arboi@alussinan.org)
   - Implemented bit xor, logical & arithmetic right shift, power
   - Fixed operator precedence
   - Added new NASL functions
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - The plugin texts are not loaded in memory any more, reducing the memory consumption of the nessus daemon by two megs. This also speeds up the loading of nessusd.
   - Fixed a bug in the plugins scheduler (if optimizations were enabled, the scan would sometimes hang)
   - Added a new NASL function (int())
   - Fixed string subtraction to handle null values properly
   - find_services.nes runs in parallel mode, for improved speed
   - New plugin (synscan) which should perform well against firewalled hosts (computes the RTT before the scan)

1.3.2 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Added fixes so that nessus-core/nessusd/pluginscheduler.c compiles with the latest version of GCC
   - Fixed a bug in nessus-libraries/libnessus/bpf_share.c : a timer would not be reset, causing plugins which call bpf_next() to sometimes crash
   - Set the timer of bpf_share.c to a much lower value, thus making it work much better
   - Improved tcp_ping()
   - Fixed two bugs in the plugins scheduler :
     - If the option "enable dependencies at runtime" is set, it would enable ALL the plugins which are depended on, instead of only those we use ;
     - In some cases, it could terminate too early, thus preventing a scan from being complete
   - DESTDIR support

1.3.1 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Rewrote the plugins scheduler (which determines the order in which the plugins are to be launched). The new one is much more efficient but, as a result, it is not possible to accurately determine the order in which the plugins will be run, so the 'plugin name' in the client is now totally bogus
   - Fixed various issues with NASL scripts so that they work better with NASL2
   - Fixed bugs relative to the creation of ICMP and UDP packets in nasl
   - Fixed some fatal bugs in the bpf sharer
   - NASL scripts do not read /dev/urandom any more, and use time() as a random seed instead. As a result, the loading and execution of nasl scripts is faster on systems where /dev/urandom can block
   - Fixed the TCP NIDS evasion techniques on BSD systems
   - Full support for Bugtraq IDs
   - The HTML reports add links for URLs, and show the ID number of the plugin that issues the report
   - Sped up the calls to arg_get_value() by using a hash of the name being searched for
   - Changed the licence of NASL2 to the GPLv2 (with the consent of Michel Arboi)
 . changes by Michel Arboi (arboi@alussinan.org)
   - Better handling of the arrays in NASL2
 . changes by Erik Anderson (eanders@carmichaelsecurity.com)
   - CVE and Bugtraq cross references
 . changes by Jay (jay@kinetic.org)
   - Fixed multiple typos in the plugins
 . changes by Javier Fernandez-Sanguino (jfernandez@germinus.com)
   - Nessus now ships Hydra 2.2
   - Fixed various compilation scripts (see bug#63)

1.3.0 :
 . changes by Michel Arboi (arboi@alussinan.org)
   - Use our own nessus-services file (re-generated at first start to include /etc/services and nmap-services)
   - Added new families of plugins (ACT_KILL_HOST and ACT_END)
   - Rewrote libnasl
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - The 'cancel' button of several file selection dialogs is now working
   - Optimized several plugins :
     - Web-related checks now use http_recv() instead of recv()
     - open_priv_sock_tcp() has a lower timeout
     - RPC-related checks now use get_rpc_port(), a function equivalent to libc's getrpcport() but with a much smaller timeout
   - Decreased the default value of checks_read_timeout from 15 to 5
   - Fixed a bug in the plugin selection GUI which would not refresh the list of plugins of a given family properly (bug#3)
   - Fixed memory leaks in NASL
   - Fixed a bug in nessusd which would make it leak memory when receiving a SIGHUP (bug#10)
   - Fixed a compatibility problem with Nmap 3.10ALPHA (bug#11)
   - Nessus now accepts nmap's U: and T: notation for the port range (bug#5)
   - Helped Michel Arboi to give the last touches to the new libnasl
 . changes by Erik Anderson (eanders@pobox.com)
   - Added CVE and BID links, added URLs and removed dead links from the plugins
 . changes by Michel Scheidell (scheidell@secnap.net)
   - Improved several SMB-related checks
 . changes by Rodolfo Baader (rbaader@activesec.biz)
   - Quotes and apostrophes are properly escaped in the XML output report

1.2.6 :
 . changes by Michael Slifcak (Michael.Slifcak@guardent.com)
   - Added Bugtraq cross references in the plugins
   - Added support for BID in nessusd (this has yet to be done on the client side)
 . changes by Axel Nennker (Axel.Nennker@t-systems.com)
   - Fixed the XML and HTML outputs
   - Fixed array issues in a couple of plugins
 . changes by Michel Arboi (arboi@alussinan.org)
   - find_service now detects services protected by TCP wrappers or ACLs
   - find_service detects gnuserv
   - ptyexecvp() replaced by nessus_popen() (*)
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed a bug which could make nasl interpret backquoted strings (\n and \r) received from the network (problem noted by Pavel Kankovsky)
   - nmap_wrapper.nes calls _exit() instead of exit() (*)
   - Solved the lack of bpfs on Free/Open/NetBSD and MacOS X by sharing _one_ among all the Nessus processes. As a result, Nessus's ping is much more effective on these platforms
   - Bugfix in plug_set_key() which would eventually make some scripts take too long when writing to the KB
   - Plugins of family ACT_SETTINGS are run *after* plugins of family ACT_SCANNERS
   - Replaced the implementation of md5 which was used when OpenSSL is disabled by the one from RSA (the old one would not work on a big-endian host)
   - Fixed plugins build issues on MacOS X
   - The nessus client compiles and links against GTK+-2.0. Of course, it will be horrible and unstable, as the GTK team does not care about backward compatibility

   (*) These two modifications solve the problems of nmap hanging under FreeBSD

1.2.5 :
 . changes by Michel Arboi (arboi@alussinan.org)
   - find_service now displays unknown services that run on assigned ports
   - read_stream_connection is smarter (smaller timeout)
   - find_service sometimes declared IDENT as "unknown"
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed a deadlock that would prevent some plugins from completing
   - Fixed a possible (although rare) corruption issue in the reports (the script IDs could under some circumstances be random)
   - Fixed a potential segfault in the execution of nasl scripts

1.2.4 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Reverted back to autoconf 2.13
   - Bug fix in nessus-core/nessusd/pluginlaunch.c - under some circumstances, data might have been lost in the reports
   - Fixed a bug in several plugins for web checks (under some circumstances, a plugin would do N x N checks against the remote web servers, where N equals the number of web servers running on the remote host)

1.2.3 :
 . changes by Isaac Dawson (idawson@securitymanagementpartners.com)
   - New HTML output layout
 . changes by Pasi Eronen (pasi.eronen@nixu.com)
   - Fix in nmap_wrapper
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed a bug which could, under some circumstances, make nessusd crash the host it is running on
   - If the option log_whole_attack is set to "no", then only the beginning and the end of the attack are logged (and not the time each plugin takes)
   - Improved no404.nasl to further reduce false positives
   - Bug fix in nessusd - under some rare circumstances, report data could be lost (if very many plugins were enabled at the same time and were sending data at the same time)
   - UDP packets are resent while we wait for a reply (avoids losing packets en route)
   - Fixed the option "auto_enable_dependencies" which would not always work
   - Sending a SIGTERM to the nessus client during a command line scan forces it to save its results to the current test file
   - Non-printable characters are not shown in the report any more

1.2.2 :
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - In the GUI, while running a scan, plugin names are only updated once in a while (saves CPU)
   - Bugfix in the client : some host names would make the client crash
   - Repaired the '-P' switch in the client

1.2.1 :
 . changes by Simon Law (sfllaw@engmail.uwaterloo.ca)
   - Made a manpage for nessus-mkcert-client(1) and have it installed by the Makefile
   - Revised most other manpages for missing information and to increase clarity
 . changes by Renaud Deraison (deraison@cvs.nessus.org)
   - Fixed the -i switch of nessus-update-plugins
   - Fixed a bug in the server which would, in some circumstances, make it not announce the proper order of the plugins being run
   - More CVE cross references
   - get_host_name() always returns a FQDN
   - User-configurable third party domain for SMTP relay checks
   - Repaired hydra.nes
   - Fixed MacOS X specific problems (dlcompat vs NSCreateObjectFileImageFromFile)
   - Plugin dependencies appear in the GUI
   - Fixed nessus-mkcert so that long email addresses are accepted
   - Re-generated the 'configure' scripts with autoconf 2.53
 . changes by Michael Scheidell (scheidell@fdma.com)
   - Added some bounds checking in some SMB plugins to reduce noise in nessusd.messages
 . changes by Michel Arboi (arboi@alussinan.org)
   - ping_host.nasl pings on multiple ports

1.1.15/1.2.0 :
 . changes by Nicolas Dubee (ndubee@secway.com) :
   - Better support for AF_UNIX sockets
 . changes by Brian (bmc@snort.org) :
   - CVE references
   - Several bugfixes in the plugins
 . changes by Peter Gründl (pgrundl@kpmg.dk) and Carsten Joergensen (carstenjoergensen@kpmg.dk) :
   - Extensive review of the plugins and therefore numerous fixes
 . changes by Axel Nennker (Axel.Nennker@t-systems.com)
   - FD leak in save_kb.c fixed
 . changes by Renaud Deraison (deraison at nessus.org)
   - It is now possible to upload files to the server when using the command line client
   - lrand48() portability problems worked around
   - Fixed a bug in the report window that would make it crash randomly

1.1.14 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - SMB fixes (thanks to Michael Scheidell)
   - When the safe checks option is enabled, dangerous tests with no alternate code (i.e. plugins of type ACT_DESTRUCTIVE_ATTACK and ACT_DENIAL) are disabled
   - Hosts can be designated by their MAC address instead of their IP address (mostly useful for DHCP networks)
   - Fixed a bug in the report generation which would replace newlines (\n) with semicolons (;)
   - Fixed a bug in the export of some types of reports, where open ports with no data associated would not be saved
   - Integrated THC's Hydra as a Nessus plugin
   - Added new NT security checks (related to user management)
   - Plugins of type ACT_SETTINGS can not be disabled
   - Fixed a bug which would make nessusd hang when a scanner was reporting too many open ports (as when a UDP scan reports all UDP ports as being open)
 . changes by Dion Stempfley (dion at riptech.com)
   - The client can now filter on category
 . changes by Axel Nennker (Axel.Nennker@t-systems.com)
   - Fixed some plugins causing error messages in some circumstances (dns_xfer.nasl, snmp_processes.nasl...)
   - Stylistic changes to prevent gcc -Wall from whining in some files
   - XML NG output is now XML compliant
   - Bug fixes
 . changes by Jenni Scott (jenni.scott@guardent.com) and Michael Slifcak (michael.slifcak@guardent.com) :
   - Improved the reporting of the plugins (better consistency, better wording)

1.1.13 :
 . changes by Michel Arboi (arboi@alussinan.org)
   - New family ACT_SETTINGS dedicated to plugins which just let the user enter some preferences
   - Optional NIDS evasion techniques (URL encoding, TCP slicing)
 . changes by Renaud Deraison (deraison at nessus.org)
   - Fixed a bug in the command line client which would make it ignore some preferences
   - SMB checks can now log into a Windows domain
   - NIDS evasion techniques (data injection, short TTL)
   - Fixed a bug which would randomly stall the scan

1.1.12 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - Workarounds on FreeBSD to prevent a kernel panic (thanks to Michael Scheidell and Stefan Esser)
   - nessus can export reports as other file formats again

1.1.11 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - Fixed a bug regarding the saving of reports from the GUI
   - Improved the backend in many ways (speed-wise, content-wise)
   - Changes in the protocol
   - More messages are sent between the server and the client (timestamps, plugin versions, ...)
   - New .nbe file format, which looks like .nsr but has more information in it
   - Plugins now have version numbers
   - The user can upload his plugins to the nessusd server from the client
   - It is now possible to upload files to the server (i.e. nmap's results) in command-line mode
   - Fixed false positives in SNMP plugins when launched against a non-configured Solaris snmpd
 . changes by Guillaume Valadon (guillaume at valadon.net)
   - New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch])

1.1.10 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from aborting an on-going test
   - Fixed a bug in the client which would prevent the user from setting a port range longer than 255 chars
   - Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible
   - Fixed a bug in the command line client which would make it close the communication too early when the client-server communication is not ciphered
   - Added an "auto-load dependencies at runtime" option

1.1.9 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - Fix in the GUI, when closing a saved report
   - Fixed a bug in ftp_log_in() which would prevent nasl scripts from logging into some FTP servers
   - Solaris build problems fixed
   - Darwin 1.4.1 build problems fixed
   - MkLinux DR3 build problems fixed (is anyone using it anymore ?)
   - GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though)
   - Fixed the "wrong call to getopt" problem which would make Nessus segfault when built with cygwin, and which would prevent options from working under Solaris & FreeBSD (thanks to Udo Schweigert)
   - SMB checks speedup (thanks to Georges Dagousset's suggestion)
   - Fixed a bug in the client-server communication that would make the server close the communication when the client is idle
   - Better support for AF_UNIX sockets for client-server communication (compile nessus-core with ./configure --enable-unix-socket)
   - Plugins are disabled by default in batch mode
 . changes by Michel Arboi (arboi@alussinan.org)
   - Client now properly checks the certificate of the server
 . changes by Benoit Brodard (bbrodard at arkoon.net)
   - Fixed bugs in nasl/tcp.c (checksum, handling of unsigned int)

1.1.8 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - Workaround for systems with a low number of bpfs (OpenBSD, Darwin)
   - Added some length checks for SMB checks
   - No more zombies
   - Fixed accounts.nes
   - Fixed the reporting of the client (reports would be mixed)
   - Client removes tempfiles when exiting
   - Repaired ptyexecvp() which would not work on Solaris
   - Slight bugfix in the NASL interpreter
 . changes by Georges Dagousset (georges at alert4web.com)
   - More optimizations
   - Properly reloads KBs with the same value defined more than once
   - Fixes in some plugin dependencies
 . changes by Michael Slifcak <Michael.Slifcak at guardent.com>
   - More nmap options
   - Quiet mode in nessus-adduser

1.1.7 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - Compiles on platforms without OpenSSL
   - Better Solaris support
   - Ported under Darwin (many thanks to Dieter Fiebelkorn (dieter at fiebelkorn.net) who actually started the port and helped me test this)
   - Unscanned ports can now be considered as closed or open (instead of just open), at the user's choice
   - Upgraded to libtool 1.4.2
   - Fixed a bug in the client which would make it display the wrong report when doing multiple scans
   - Enhanced the plugins filter (that appears when pressing 'l' in the GUI)
   - Fixed a serious problem in the SMB plugins which would prevent them from working against Samba and which would make them slow against Windows (pointed out by Georges Dagousset)
 . changes by Iouri Pletnev (Iouri.Pletnec at xacta.com)
   - Ported under Cygwin
 . changes by Michel Arboi (arboi@alussinan.org)
   - Added nessus-mkrand for hosts with no /dev/random AND no EGD running

1.1.6 :
 . changes by Renaud Deraison (deraison at nessus.org)
   - EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket in nessus-libraries)
   - KB items are now stored with individual dates instead of a global date for the whole KB file. Yes, this means you have to delete your old KB files
   - When a host could not be pinged, its KB is not altered (nor created)
   - Fixed memory leaks in nessusd
   - nessus-mkcert checks that the certificates were really created before congratulating the user
   - Fixed a security problem where anybody with a shell on the nessusd host could log in

1.1.5 :
 . changes by Georges Dagousset (georges.dagousset at alert4web.com) :
   - New KB entries for further "optimizations"
   - Improved find_services.nes
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Cleaned up the KB
   - Added doc/kb_entries.txt
   - Bugfix in find_services regarding the pem password
   - New reporting GUI
   - Fixed a problem which would leave some plugins running against a host considered as dead
   - The KBs are now stored with properly escaped \n and \r chars
   - Greatly improved tcp_ping.nasl (and tcp_ping() in libnasl)
 . changes by Michel Arboi (arboi@alussinan.org) :
   - Replaced PEKS by OpenSSL in the client/server communication
 . changes by H D Moore (hdm@secureaustin.com)
   - Fixed no404.nasl

1.1.4 :
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Fixed find_services.nes
   - Plugins that are slow to finish are _really_ killed by the server
   - The client better handles the scan of big networks
   - nmap_wrapper now updates its progress bar
   - nessus-update-plugins supports proxies (with or without authentication)
   - monitor_backend.c and data_mining.c allow any developer to plug a database behind the client (by default flat files are used)
   - Bug fixed in nmap_wrapper which would make it kill its parent process randomly
   - Minor fix in the tcp_ping() function of NASL (ack would be set to non-zero for a SYN packet)
   - Fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes
 . changes by Michel Arboi (arboi@alussinan.org) :
   - find_services accepts password-protected .pem files
   - Patches in the way files were transmitted between the client and the server (which could end up in a deadlock)
 . changes by Alexis de Bernis <alexisb at tpfh.org> :
   - Fixed ftp_write_dirs.nes

1.1.3 :
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Added the plugin 'torturecgis.nasl' which supplies bogus args to the remote CGIs, in order to find the most blatantly broken ones
   - webmirror.nasl now retrieves the list of arguments of each CGI
   - Added filter support in the client. Use the key 'l' to filter out plugins you don't want to see
   - Added the 'safe checks' option which allows the user to not disturb the network (but which weakens the Nessus tests)
   - Disabled backward support for port 3001 - the official port is 1241 now

1.1.2 :
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Added the plugin 'webmirror.nasl', which extracts the list of CGIs used by a remote web server (and will do much more)
   - Fixed a problem in NASL due to the SSL patch that would cause an fd leak with some plugins
   - Added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins that may harm the remote host
   - SSL certificates & keys can be imported
   - Corrected a bug introduced in 1.1.0 that would make the client not display the name of the plugin currently being run
   - Sending signal SIGUSR1 to nessusd makes the grandfather process (the one which listens on TCP ports) die without killing its children, thus allowing a smooth upgrade of nessusd
   - Updated config.guess and config.sub

1.1.1 :
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Fixed mem leaks in NASL
   - Fixed a bug introduced in 1.1.0 regarding recv_line()
   - Fixed a bug introduced in 1.1.0 in the process management of the plugins (the KB would not be entirely filled, resulting in incomplete tests)
   - smb_sid2user.nasl is twice as fast ;)

1.1.0 :
 . changes by Devin Kowatch (devink at SDSC.EDU) :
   - Fixed a communication problem between client and server
   - User-defined timing policy in nmap
   - nessus-update-plugins uses wget (or any user-supplied command at compilation time) if available
 . changes by Michel Arboi (arboi@alussinan.org) :
   - Support for the -T option of nmap
   - SSL support
 . changes by Zorgon (zorgon at antionline.org) :
   - Support for the --os_guess option of nmap
 . changes by Renaud Deraison (deraison at nessus.org) :
   - The user can upload files to plugins through the client (i.e. it is possible to upload nmap's results directly to the nmap plugin)
   - Tests can be run in parallel now
   - Each user is now granted a home by nessus-adduser
   - Added nessus-rmuser
   - Per-user plugins

1.0.7 :
 . changes by Jordan Hrycaj (jordan at nessus.org) :
   - Added support for IANA port 1241 while keeping 3001 open at the same time; non-compat mode (disabling 3001) as an experimental configure option
   - nessus-adduser allows creating local users with immediate key exchange (no passphrase procedure needed)
   - nessusd allows specifying user logins with netmasks (as with the public key tags and passwords) in the nessusd.users file
   - Some options added to nessus and nessusd
   - You can force the compilation/installation of the getopt_long() function(s) by a configure option
 . changes by Renaud Deraison (deraison at nessus.org) :
   - HTTP virtual hosts can now be tested
   - User-modifiable per-plugin timeout
   - Detached scans can now be stopped from the client
   - Fixed issues in detached scans
   - Implemented plugins_reload() which loads new plugins in memory
   - get_host_name() returns the name of the host as entered by the user (and not a resolve(ip(name_of_host)))
   - Added the function cgibin() in NASL, which returns the paths to use to get to the CGIs (default : /cgi-bin)
 . changes by Loren Bandiera (lorenb at shelluser.net) :
   - XML output improved

1.0.6 :
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Detached scans can send their results to a given email address (experimental, see http://www.nessus.org/doc/detached_scan.html)
   - Diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html)
   - Probably fixed a bug which would, under rare circumstances, prevent a scan from finishing
   - NASL plugins can have no timeout
   - Minor change in the LaTeX report
   - Support for the Sun Workshop 5 compiler
   - IRIX 6.2 support
   - HP/UX 10.20 support
   - Fixed a problem in report saving (saving as HTML would produce an XML file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com)
 . changes by Jordan Hrycaj (jordan@mjh.teddy-net.com)
   - Fixed a problem in the random number generator

1.0.5 :
 . changes by Loren Bandiera (lorenb at shelluser.net) :
   - XML output in the Nessus client
 . changes by Renaud Deraison (deraison at nessus.org) :
   - Added experimental KB saving, to prevent the audit from restarting from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html for details
   - Added experimental detached scans. See http://www.nessus.org/doc/detached_scan.html for details
   - Bug in the test of DoS attacks fixed (thanks to Christophe Grenier (Christophe.Grenier at esiea.fr))
   - Minor changes in nessus-adduser
   - Scripts that open a UDP socket read the result of a UDP scan first
   - When it receives a SIGHUP, nessusd first frees memory. It also closes and re-opens the nessusd.messages file
   - The plugin timeout is now user definable, in nessusd.conf
   - 64 bit compatible (nessusd would produce warnings when running on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team for having given me access to an IA-64 to compile and try Nessus
   - libnasl : better error reporting, minor bugs fixed
 . changes by Jordan Hrycaj (jordan at mjh.teddy-net.com)
   - Faster cipher layer
 . changes by Cyril Leclerc (cleclerc at boreal-com.fr)
   - A GTK error would sometimes be produced when the client is run in batch mode

1.0.4 :
 . changes by Christoph Puppe (pluto at defcom-sec.com) :
   - Added "Sort by Port" to the report window. Saving of this is not finished.
   - arglist_insert sorts first by holes, then by warnings, then by notes. Previous version only sorted by holes.
 . changes by Renaud Deraison (renaud at nessus.org) :
   - ftp related checks : the user can now supply a login/password for the ftp checks, and nessusd relies on the ftp banner if it can't log into the ftp server (requested by Jens.Oeser at connector.de)
   - libnessus : ftp_log_in() would sometimes fail against some ftp servers
   - Better handling of large reports
   - Tests are saved on the server side and can be restored. Note that this is experimental and disabled by default. Do ./configure --enable-save-sessions to enable this experimental feature, and read doc/session_saving.txt for details
   - Better handling of targets with multiple web servers running
   - Continue to launch the DoS if the state of the remote host can not be determined
   - Fixed a bug in smb_login_as_users.nasl, and improved smb_accessible_shares.nasl
   - Added checks for unpassworded MySQL and PostgreSQL databases
   - nessusd uses less memory
 . changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) :
   - Fixed a possible deadlock in the nessusd internal communication
   - Fixed a problem in the client that would make it crash if it received a malformed message from the server
   - The client would not detect the death of the server when run in batch mode
   - Possible header confusion (with regex.h) fixed
   - Possible signal deadlock when exiting fixed
 . Other changes :
   - Fixed a problem in the function is_cgi_installed() that may sometimes not work against odd clients (Thomas Reinke (reinke at e-softinc.com))
   - Fixed a bug in snmp_default_communities.nasl (Lionel Cons (lionel.cons at cern.ch))
   - Fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu))
   - A typo in showmount.nasl would prevent it from working over UDP (ctor at krixor.xy.org)

1.0.3 :
 . changes by Renaud Deraison (renaud at nessus.org) :
   - Fixed various small problems in various plugins
   - Fixed a nasty bug in libnasl that would prevent raw packets from being read
   - Compiles under Solaris
   - Possible segfault in the client fixed

1.0.2 :
 . changes by Christoph Puppe (christoph.puppe at defcom-sec.com) :
   - Unified the naming of Vulnerability, Warning, Note in ASCII and HTML.
   - latex_report_category seems like an oversimplification to me. What if we have a large network with lots of small holes, is this safer than a network with only one big one? I've made a try at weighted rules. Hosts with holes get elevated to *10, warnings to *5 and notes stay where they are.
   - Added Level Note, it has its own dot and is meant to be used for notes and notifications. The tex file is updated.
   - Changed smalies in various functions, to be easier to read, faster or more generic.
   - plugins: finger.nasl was buggy
 . changes by Renaud Deraison (renaud at nessus.org) :
   - Possible hang at report time fixed in the client
   - Fixed a bug in the way the command-line client handles the plugin preferences
   - Fixed a problem in the detection of servers that do not reply with a 404 error code when requesting a nonexistent page
   - Fixed various compilation errors occurring on various platforms
   - libnasl : fixed a bug that would occur in standalone mode
   - nessus-libraries : takes the presence of the shared libraries of the system into account
   - SMB and DCE/RPC over SMB issues :
     . smb_login.nasl : fixed an error (would always want to access IPC$ to declare that a login is valid)
netbios_name_get.nasl : fixed an error which would prevent the SMB tests to work against Windows 2000 . smb_dom2sid.nasl : LsarQueryInfoPolicy() now obtains the host sid, rather than the sid of the domain, so that local accounts are shown and tested (instead of the domain accounts only) . smb_enum_services.nasl : Lists the services that are running on the remote host - new security checks added . changes by Jordan Hrycaj (jordan at nessus.org) : - libpeks now uses the libgmp that comes with the operating system if any, and does the same for libz - fixed a bug that would prevent the client from working properly under OpenBSD 1.0.1 : - nessusd : if the --enable-tcpwrappers flag is given to ./configure, then nessusd is compiled with tcpwrappers support - nessus : Pies and charts under Win32 too - nessus : fixed errors when generating pies and charts which would cause horrible graphics (thanks to John Q. Public (tpublic at dimensional.com) for pointing this out) - nasl : memory leaks fixed, performance improved, bug in forge_tcp_packet() fixed - nessus-update-plugins : somehow improved - plugins : more SMB checks, rewritten showmount in nasl, tons of new security checks (for a total of 435, whatever that means) - plugins : fixed snmp_default_communities which was bugged. Thanks to W. Mark Herrick, Jr. (markh at va.rr.com) for pointing this out. - gmp 3.0 is used by libpeks (vs 2.0.2) 1.0.0 : - nessus : fixed problems with the "spiffy" HTML export - nasl : fixed various minor issues - nasl : added the function ereg_replace() - libhosts_gatherer : fixed a problem in the reverse lookups issues - plugins : nearly 20 new security checks (including SMB checks) - hinting to NESSUSHOME if ~/.nessusrc is not available (jh) 1.0.0pre3 : - added the utility nessus-update-plugins(8). 
See the man page for security notes - nessus : HTML reports now include links to the CVE entries - nessus-adduser / libpeks : it is now possible to declare from which host a user can connect to nessusd - plugins : better behavior of the CGI tests against hosts which do not issue 404 error codes - security : nessusd.users would sometime be in mode 0644 (due to nessus-adduser), accounts.nes would let nessusd users read arbitrary files on the system - nessusd : sends an error to the client when it attempts to scan a host it's not allowed to (suggested by Hermann Himmelbauer <dusty@violin-kan.dyndns.org>) - nessusd and nessus : error at loading time when the peks library was compiled with a special ./configure flag (thanks to Bradley M Alexander <storm@tux.org>) - nessusd and nessus : can be compiled with the --disable-cipher flags - plugins : ftp_overflow.nasl : fixed a false positive pointed out by Jean-Paul Le Fevre <J-P.LeFevre@cea.fr> - plugins : a dozen of new plugins have been added (piranha, uw imap overflow, Ken!, htimage.exe, lcdproc overflow, real server DoS, and more...) 
- nasl : added open_priv_sock_{udp,tcp} to open a socket with a priviledged port 1.0.0pre2 : - nessusd : stop the current plugin when the user hits 'stop' - nessusd : the rules now accept the keyword 'client_ip' (suggested by Hermann Himmelbauer <dusty@violin-kan.dyndns.org>) - nessusd : logs the name of the plugins that are loaded (suggested by Matthias Andree <ma@dt.e-technik.uni-dortmund.de>) - nessus : the 'reverse lookup' option now works - nessus : typo would prevent to compile nessus with gtk 1.0 (thanks to mike <michael.seeger@mchh.siemens.de> for pointing this out) - nessus : changed the .nsr file format to something more easily parseable which contains the ID of the plugins which generate security warnings or holes - nessus : error dialog makes more sense when nessusd is killed in the middle of a test (pointed out by Matthias Andree <ma@dt.e-technik.uni-dortmund.de>) - nessus : fixed a segmentation fault that could occur during the login (Stefan Rapp s.rapp@hrz.uni-dortmund.de) - nessus : the user now has the ability to select all the plugins except the dangerous ones - nessus : fixed the busy waiting loop in the password dialog. For real this time. Thanks to Matthias Andree <ma@dt.e-technik.uni-dortmund.de> for pointing this out again. - nessus : other cosmetics things have been fixed - nasl : now supports user-defined functions (see the documentation for more details) - plugins : ssh_insertion.nasl : fixed a typo which would cause the plugin to yell when the user was using OpenSSH 1.2.2 (which is immune to this problem). Thanks to R. 
Pickett <emerson@hayseed.net> for pointing this out - plugins : lot of new security checks (thanks to Roelof Temmingh <roelof@sensepost.com> for pointing out some missing IIS checks) - all : version check at startup, as suggested by Scott Adkins <sadkins@voyager2.cns.ohiou.edu> 1.0.0pre1 : - nessus-adduser : utility to add easily a nessusd user - nessus : remembers the username - nessus : warns the user that the host key has been saved - nessus : fixed a busy waiting in the passphrase requester (thanks to Matthias Andree <ma@dt.e-technik.uni-dortmund.de> for pointing this out) - nessus : fixed a segmentation fault that would occur when the user close the test window during a test - nessus : saves the preferences of each plugin - nessusd : fixed a problem in the rules which ended up being too restrictive - nessusd : killall -1 nessusd now works - plugins : nmap_wrapper.nes : compatible with the new output of nmap - traditional netmasks (255.255.255.0) are now accepted - will not scan broadcast addresses (ie: 192.168.1.1/255.255.255.0 will scan from 192.168.1.1 to 192.168.1.254) - Compatible with FreeBSD 4 0.99.10 : - nessus : polished the GUI - nessus : GTK 1.0 compatible (Eduardo Urrea <eduardou@hispasecurity.com>) - nessusd : fixed a problem which could make the client see what was happening a few seconds later the event happened. 
(this was occuring when doing few tests against a great number of hosts) - nessusd.conf goes back to ${sysconfdir}/nessus/ (and not ${sysconfdir}/) - nessusd CPU usage : dropped from 100% to much fewer [thanks to Ryan Mooney <ryanm@mhpcc.edu> who pointed this out] - nessus and nessusd : the target file may have an unlimited size (it was cut down to 2047 bytes in the past) [many thanks to Boris Wesslowski <Boris.Wesslowski@RUS.Uni-Stuttgart.DE> for pointing this out] - nasl : fixed a bug in recv() which would make nasl crash when reading data from a non-socket - nasl : close the sockets opened by a script in nasl_exit() - nasl : fixed a bug in egrep() - nasl : init_telnet() behaves well against a tcp-wrapped telnet - plugins : nmap_wrapper : ability to use nmap's ping. 0.99.9 : - nasl : added support for \xNN translation (Sebastian Andersson <sa@hogia.net>) - nasl : cleaner compilation process - nessusd : removed warnings during compilation - nessusd : fixed a possible segmentation fault / logfile corruption that could occur when the user was manually stopping a test - nessusd : fixed typos that would prevent the compilation without the cipher layer - libnessus : timeout in recv_line() - nessus : fixed a dumb segmentation fault in the client when all the plugins are activated - nessus : disable all / enable all buttons - nessus : nicer xpms for error and warnings dialogs - nessus : fixed a bug that could make the client crash during plugin selection - plugins : read_accounts : fixed a problem that would disable this plugin - plugins : read_accounts : better handling of BSD telnet - plugins : queso : fixed a problem which would disable this plugin - plugins : stacheldraht : fixed a typo - plugins : added acc.nasl, netscape_wp_bug.nasl - added nasl_version() and nessuslib_version(), as suggested by Scott Adkins <sadkins@voyager2.cns.ohiou.edu> - nessus-core : better support for sysconfdir Keith Amidon (camalot@picnicpark.org) 0.99.8 : - OpenBSD portability - HP/UX 
shl_* support - re-attributed the plugins category, thanks to the lists made by Jeff Odegard <jeff@digitaldefense.net> who divided the plugins into three categories : begnign, intrusive and potentially destructive - the client disable all the potentially destructive plugins if they are not in ~/.nessusrc, and puts a warning sign in front of them - plugins have been attributed a unique ID - plugins are CVE compatible - NASL now supports regular expressions through the ereg() function. The syntax of the regexps is egrep-style, that I personnaly like. - several bugfixes - several new plugins - 'nasl' is a standalone NASL interpretor that can be used to debug Nessus scripts and/or write independants ones. - the nasl guide has been updated and comes with libnasl/ 0.99.7 : - fixed a 'file descriptor bomb' which would prevent nessusd to test big networks - fixed a problem in nessusd which would make it slow down then crawl when it was testing big networks 0.99.6 : - many segmentation faults corrected - fixed a problem in the client <-> server communication which would make the server "forget" to send some data to the client 0.99.5 : - New HTML export with pies and graphs - Handles the HTTP redirects (thanks to Andreas J. Koenig <andreas.koenig@anima.de> for requesting it) - behaves well when the same service is detected more than once on the target side. 
Ie: if the target is running 2 web servers, then all the security checks will be performed on both - Nicer client GUI - Communication between the client and the server's children done in a cleaner way - Corrected a bug in the client that would prevent it to work when not compiled with the cipher layer - Added a inetd friendly option - The quiet mode of the client will produce HTML, LaTeX, text or .nsr files regarding the file suffix given as argument - ASCII text output - report can be saved to stdout - kept-alive connection between the client and the server (no need to log in again between two tests) 0.99.4 : - Speedup - Several segmentation faults fixed - The user can now select the timeout value of the security checks read() function - The client can specify an alternate configuration file - Client : fixed problems regarding when to use the GUI Previous versions : - Corrected a problem regarding the list of checks selected by the user - ${prefix}/var/nessus is created - Corrected a typo in the code that would generate the preferences file - Changed the behaviour of the nessus client, when it is started in the background and a pass phrase is wanted as input. If available, the client terminates while complaining to the stderr. - Added long options to the nessus client; as a side effect, the command line version works under windows, too - OpenBSD portability issues - Fixed the process tracker on cipher layer to meet the io thread table overflow - Updated the process mgmnt, provided a general pty interface for subprocesses like nmap - Reduced memory consumption by 50% - Nessus can now use nmap(1). Thanks to Phil Brutsche <pbrutsch@creighton.edu> who helped me to figure out how to do this. 
- Configuration files now installed in ${prefix}/etc/nessus/ - Man pages for nasl-config, nessus-config, nessus-build, as well as patches to problems that may occur during the installation by Josip Rodin <joy@cibalia.gkvk.hr> - More efficient way to determine whether a DoS was successful or not. Thanks to Michel Arboi <arboi@alussinan.org> for the suggestion (does not work well yet) - The communication errors : 'out of threads already' and 'no cookie for received packets' have been fixed. - All the newest security tests
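The 1.0.0pre1 entry above states the target-expansion rule that a scanner should follow: a host may be given with a traditional dotted netmask, and the network and broadcast addresses of the resulting range are never scanned (192.168.1.1/255.255.255.0 covers 192.168.1.1 through 192.168.1.254). The following is an added illustration of that rule, written for this page and not taken from the Nessus sources. It goes a little beyond the entry: it also accepts CIDR prefixes and bare hosts, handles the /31 and /32 edge cases that have no broadcast address, and rejects non-contiguous masks rather than silently scanning a wrong range. The function names are this example's own.

```python
"""Expand a scanner target specification into the hosts it covers.

Added example (not Nessus code). It mirrors the rule in the 1.0.0pre1
changelog entry: dotted netmasks are accepted and the network and
broadcast addresses are excluded from the scan.
"""
import ipaddress
from typing import List


def parse_netmask_to_prefixlen(mask: str) -> int:
    """Convert a dotted netmask such as 255.255.255.0 to a prefix length.

    Non-contiguous masks (e.g. 255.0.255.0) are rejected: a scanner that
    accepted them would derive a range the operator did not intend.
    """
    mask_int = int(ipaddress.IPv4Address(mask))
    ones = bin(mask_int).count("1")
    # A valid mask is exactly `ones` leading 1 bits followed by 0 bits.
    expected = (0xFFFFFFFF << (32 - ones)) & 0xFFFFFFFF
    if mask_int != expected:
        raise ValueError(f"non-contiguous netmask: {mask}")
    return ones


def expand_target(spec: str) -> List[str]:
    """Return the host addresses a scan of `spec` would cover, in order.

    Accepts "a.b.c.d", "a.b.c.d/nn" or "a.b.c.d/w.x.y.z". For prefixes
    shorter than /31 the network and broadcast addresses are dropped;
    /31 and /32 have no broadcast address, so every address is a host.
    """
    if "/" not in spec:
        return [str(ipaddress.IPv4Address(spec))]

    addr_part, mask_part = spec.split("/", 1)
    if "." in mask_part:
        prefixlen = parse_netmask_to_prefixlen(mask_part)
    else:
        prefixlen = int(mask_part)
        if not 0 <= prefixlen <= 32:
            raise ValueError(f"bad prefix length: {mask_part}")

    # strict=False lets a host address stand in for its network, which is
    # what the changelog's "192.168.1.1/255.255.255.0" example relies on.
    net = ipaddress.IPv4Network((addr_part, prefixlen), strict=False)
    first = int(net.network_address)
    last = int(net.broadcast_address)
    if prefixlen < 31:
        first += 1  # skip the network address
        last -= 1   # skip the broadcast address
    return [str(ipaddress.IPv4Address(i)) for i in range(first, last + 1)]


if __name__ == "__main__":
    # Constructed sample target specs, as an operator might type them.
    for sample in ("192.168.1.1/255.255.255.0", "10.0.0.0/30",
                   "10.0.0.0/31", "10.0.0.7"):
        hosts = expand_target(sample)
        print(f"{sample}: {len(hosts)} host(s), {hosts[0]} .. {hosts[-1]}")
```

The /31 and /32 branch is the part worth keeping in mind when reading the changelog entry: a rule of "always skip the first and last address" would turn a point-to-point /31 into an empty scan and a single-host /32 into a negative range.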