summaryrefslogtreecommitdiff
path: root/security/nessus
AgeCommit message (Collapse)AuthorFilesLines
2002-05-10Update libnasl, nessus{-core,-libraries,-plugins} to 1.2.0.frueauf1-3/+3
1.1.15/1.2.0 : . changes by Nicolas Dubee (ndubee@secway.com) : - Better support for AF_UNIX sockets . changes by Brian (bmc@snort.org) : - CVE references - several bugfixes in the plugins . changes by Peter Gründl (pgrundl@kpmg.dk) and Carsten Joergensen (carstenjoergensen@kpmg.dk) : - Extensive review of the plugins and therefore numerous fixes . changes by Axel Nennker (Axel.Nennker@t-systems.com) - FD leak in save_kb.c fixed . changes by Renaud Deraison (deraison at nessus.org) - It is now possible to upload files to the server when using the command line client - lrand48() portability problems worked around - fixed a bug in the report window that would make it crash randomly 1.1.14 : . changes by Renaud Deraison (deraison at nessus.org) - SMB fixes (thanks to Michael Scheidell) - When the safe checks option is enabled, dangerous tests with no alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and ACT_DENIAL) are disabled - Hosts can be designated by their MAC address of instead of their IP address (mostly useful for DHCP networks) - Fixed a bug in the report generation which would replace newlines (\n) by semi-columns (;) - Fixed a bug in the export of some types of reports, where open ports with no data associated would not be saved - Integrated THC's Hydra as a Nessus plugin - Added new NT security checks (related to user management) - Plugins of type ACT_SETTINGS can not be disabled - Fixed a bug which would make nessusd hang when a scanner was reporting too many open ports (as when a UDP scan reports all UDP ports as being open) . changes by Dion Stempfley (dion at riptech.com) - The client can now filter on category . changes by Axel Nennker (Axel.Nennker@t-systems.com) - Fixed some plugins causing error messages in some circumstances (dns_xfer.nasl, snmp_processes.nasl...) - Stylish changes to prevent gcc -Wall from whining in some files - XML NG output is now XML compliant - Bug fixes . changes by Jenni Scott (jenni.scott@guardent.com) and Michael Slifcak (michael.slifcak@guardent.com) : - Improved the reporting of the plugins (better consistency, better wording) 1.1.13 : . changes by Michel Arboi (arboi at algoriel.fr) - New family ACT_SETTINGS dedicated to plugins which just let the user enter some preferences - Optional NIDS evasion techniques (url encoding, tcp slicing) . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug in the command line client which would make it ignore some preferences - SMB checks can now log into a Windows domain - NIDS evasion techniques (data injection, short ttl) - Fixed a bug which would randomly stall the scan 1.1.12 : . changes by Renaud Deraison (deraison at nessus.org) - Workarounds on FreeBSD to prevent a kernel panic (thanks to Michael Scheidell and Stefan Esser) - nessus can export reports as other file formats again 1.1.11 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug regarding the saving of reports from the GUI - Improved the backend in many ways (speed-wise, content-wise) - Changes in the protocol - More messages are sent between the server and the client (timestamps, plugins version, ...) - New .nbe file format, which looks like .nsr but has more information in it - Plugins now have versions numbers. - The user can upload his plugins to the nessusd server from the client - It is now possible to upload files to the server (ie: nmap's results) in command-line mode - Fixed false positives in SNMP plugins when launched against a non-configured Solaris snmpd . changes by Guillaume Valadon (guillaume at valadon.net) - New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch]) 1.1.10 : . changes by Renaud Deraison (deraison at nessus.org) - Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from aborting an on-going test - Fixed a bug in the client which would prevent the user from setting a port range longer than 255 chars - Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible. - Fixed a bug in the command line client which would make it close the communication too early when the client - server communication is not ciphered - Added an "auto-load dependencies at runtime" option 1.1.9 : . changes by Renaud Deraison (deraison at nessus.org) - Fix in the GUI, when closing a saved report - Fixed a bug in ftp_log_in() which would prevent nasl script from logging into some FTP servers - Solaris build problems fixed - Darwin 1.4.1 build problems fixed - MkLinux DR3 build problems fixed (is anyone using it anymore ?) - GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though) - Fixed the "wrong call to getopt" problem which would make Nessus segfault when built with cygwin, and which would prevent options from working under Solaris & FreeBSD (thanks to Udo Schweigert) - SMB checks speedup (thanks to Georges Dagousset's suggestion) - Fixed a bug in the client - server communication that would make the server close the communication when the client is idle - Better support for AF_UNIX socket for client-server communication (compile nessus-core with ./configure --enable-unix-socket) - Plugins are disabled by default in batch mode . changes by Michel Arboi (arboi at algoriel.fr) - Client now properly checks the certificate of the server . changes by Benoit Brodard (bbrodard at arkoon.net) - fixed bugs in nasl/tcp.c (checksum, handling of unsigned int) 1.1.8 : . changes by Renaud Deraison (deraison at nessus.org) - Workaround for systems with a low number of bpfs (OpenBSD, Darwin) - Added some length checks for SMB checks - No more zombies - Fixed accounts.nes - Fixed the reporting of the client (reports would be mixed) - Client removes tempfiles when exiting - Repaired ptyexecvp() which would not work on Solaris - Slight bugfix in the NASL interpretor . changes by Georges Dagousset (georges at alert4web.com) - More optimizations - Properly reloads KBs with the same value defined more than once - Fixes in some plugins dependencies . changes by Michael Slifcak <Michael.Slifcak at guardent.com> - More nmap options - Quiet mode in nessus-adduser 1.1.7 : . changes by Renaud Deraison (deraison at nessus.org) - Compiles on platforms without OpenSSL - Better Solaris support - Ported under Darwin (many thanks to Dieter Fiebelkorn (dieter at fiebelkorn.net) who actually started the port and helped me test this) - Unscanned ports can now be considered as closed or open (instead of just open), at user choice - Upgraded to libtool 1.4.2 - fixed a bug in the client which would make it display the wrong report when doing multiple scans - enhanced the plugins filter (that appear when pressing 'l' in the GUI) - fixed a serious problem in the SMB plugins which would prevent them to work against Samba and which would make them slow against Windows (pointed out by Georges Dagousset) . changes by Iouri Pletnev (Iouri.Pletnec at xacta.com) - Ported under Cygwin . changes by Michel Arboi (arboi at algoriel.fr) - Added nessus-mkrand for hosts with no /dev/random AND no EGD running 1.1.6 : . changes by Renaud Deraison (deraison at nessus.org) - EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket in nessus-libraries) - KB items are now stored with individual dates instead of a global date for the whole KB file. Yes, this means you have to delete your old KB files - When an host could not be pinged, his KB is not altered (nor created) - fixed memory leaks in nessusd - nessus-mkcert checks that the certificates were really created before congratulating the user - fixed a security problem where anybody with a shell on the nessusd host could log in 1.1.5 : . changes by Georges Dagousset (georges.dagousset at alert4web.com) : - new KB entries for further "optimizations" - improved find_services.nes . changes by Renaud Deraison (deraison at nessus.org) : - cleaned up the KB - added doc/kb_entries.txt - bugfix in find_services regarding the pem password - new reporting GUI - fixed a problem which would leave some plugin run against a host considered as dead - the KB are now stored with properly escaped \n and \r chars - greatly improved tcp_ping.nasl (and tcp_ping() in libnasl) . changes by Michel Arboi (arboi at algoriel.fr) : - replaced PEKS by OpenSSL in the client/server communication . changes by H D Moore (hdm@secureaustin.com) - fixed no404.nasl 1.1.4 : . changes by Renaud Deraison (deraison at nessus.org) : - fixed find_services.nes - plugins that are slow to finish are _really_ killed by the server - the client better handles the scan of big networks - nmap_wrapper now updates its progress bar - nessus-update-plugins support proxies (with or without authentication) - monitor_backend.c and data_mining.c allow any developer to plug a database behind the client (by default flatfiles are used) - bug fixed in nmap_wrapper which would make it kill its parent process randomly - minor fix in the tcp_ping() function of NASL (ack would be set to non-zero for a syn packet) - fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes . changes by Michel Arboi (arboi at noos.fr) : - find_services accepts password-protected .pem files - patches in the way files were transmitted between the client and the server (which could end up in a deadlock) . changes by Alexis de Bernis <alexisb at tpfh.org) : - fixed ftp_write_dirs.nes 1.1.3 : . changes by Renaud Deraison (deraison at nessus.org) : - added the plugin 'torturecgis.nasl' which supplies bogus args to the remote CGIs, in order to find the most blantantly broken ones - webmirror.nasl now retrieves the list of arguments of each CGI. - added filter support in the client. Use the key 'l' to filter out plugins you don't want to see. - added the 'safe checks' option which allow the user to not disturb the network (but which weakens the Nessus tests) - disabled backward support for port 3001 - the official port is 1241 now. 1.1.2 : . changes by Renaud Deraison (deraison at nessus.org) : - added the plugin 'webmirror.nasl', which extracts the list of CGIs used by a remote web server (and will do much more). - fixed a problem in NASL due to the SSL patch that would cause a fd leak with some plugins. - added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins that may harm the remote host. - SSL certificates & key can be imported - corrected a bug introduced in 1.1.0 that would make the client not display the name of the plugin currently being run. - sending signal SIGUSR1 to nessusd makes the grandfather process (the one who listens on tcp ports) die without killing its children, thus allowing a smooth upgrade of nessusd - updated config.guess and config.sub 1.1.1 : . changes by Renaud Deraison (deraison at nessus.org) : - fixed mem leaks in NASL - fixed a bug introduced in 1.1.0 regarding recv_line() - fixed a bug introduced in 1.1.0 in the process management of the plugins (all the KB would not be filled, resulting in incomplete tests) - smb_sid2user.nasl is twice as fast ;) 1.1.0 : . changes by Devin Kowatch (devink at SDSC.EDU) : - fixed communication problem between client and server - user-defined timing policy in nmap - nessus-update-plugins uses wget (or any user-supplied command at compilation time) if available. . changes by Michel Arboi (arboi at bigfoot.com) : - support for the -T option of nmap - SSL support . changes by Zorgon (zorgon at antionline.org) : - support for the --os_guess option of nmap . changes by Renaud Deraison (deraison at nessus.org) : - the user can upload files to plugins through the client (ie: it is possible to upload nmap's results directly to the nmap plugin) - tests can be run in parallel now - each user is now granted a home by nessus-adduser - added nessus-rmuser - per users plugins Of course several new plugins were added as well.
2001-12-30Update libnasl, nessus{-core,-plugins,-libraries} to 1.0.10.frueauf1-2/+2
1.0.10 : Changes by Michael Scheidell <scheidell@fdma.com> : - Backported Nessus 1.1.x plugins changes in nessus-plugins Changes by Renaud Deraison <deraison@nessus.org> : - Minor fixes
2001-11-01Move pkg/ files into package's toplevel directoryzuntum3-2/+2
2001-08-16Update libnasl and nessus{-core,-libraries,plugins} to 1.0.9.frueauf1-2/+2
- increased login timeout - fixed a possible deadlock in libpeks - fixed a bug which would cause the client to crash when sending a too long plugin list - fixed the 'too many plugins selected' bug that would make the client crash - workaround for a Linux bug^H^H^Hfeature that makes recv() behave completely differently than the rest of the world (thanks to Andreas Steinmetz) - fixed http://install.nessus.org to better work on Solaris - various minor issues - several new plugins
2001-06-17Update nessus to 1.0.8.frueauf1-2/+2
- various bugfixes - fixed fd leak in KB and session saving - possibly fixed connections problems between the client and the server - updated config.guess and config.sub - many new plugins
2001-04-19Remove a file which was committed in error.agc1-2/+0
2001-04-17+ move the distfile digest/checksum value from files/md5 to distinfoagc3-8/+2
+ move the patch digest/checksum values from files/patch-sum to distinfo
2001-03-10Sources of release "1.0.7a" are in sub directory "src", update mastertron1-16/+16
site list accordingly.
2001-03-10Update nessus to 1.0.7a.frueauf1-2/+2
Mainly some minor bugfixes and 6 new plugins. Unfortunatly no entry in CHANGELOG for this minor update.
2001-02-17Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.wiz2-2/+3
2001-01-28Fix the ftp direcory name. the src part is gone and at least one frenchveego1-15/+16
mirrot is also gone. Add two other mirrors.
2001-01-28Update nessus to 1.0.7.frueauf1-2/+2
Besides several new plugins, the following changed since 1.0.6: . changes by Jordan Hrycaj (jordan at nessus.org) : - added support for iana port 1241 while 3001 open at the same time, nin-compat mode (disabling 3001) as sn experimantal configure option - nessus-adduser allows to create local users with immediate key exchange (no passphrase procedure needed) - nessusd allows to speciphy user logins with netmasks (as with the public key tags and passwords) in the nessusd.users file - some options added to nessus, and nessusd - you can force the compilation/installation of the getopt_long() function(s) by a configure option . changes by Renaud Deraison (deraison at nessus.org) : - http virtual hosts can now be tested - user-modifiable per-plugin timeout - detached scans can now be stopped from the client - fixed issues in detached scan - implemented plugins_reload() which loads new plugins in memory - get_host_name() returns the name of host, as entered by the user (and not a resolve(ip(name_of_host))) - added the function cgibin() in NASL, which returns the paths to use to get to the CGIs (default : /cgi-bin) . changes by Loren Bandiera (lorenb at shelluser.net) : - XML output improved
2000-11-12Update nessus to 1.0.6.frueauf1-2/+2
. changes by Renaud Deraison (deraison at nessus.org) : - detached scans can send their result to a given email address (experimental, see http://www.nessus.org/doc/detached_scan.html) - diff scan (experimental - see http://www.nessus.org/doc/diff_scan.html) - probably fixed a bug which would prevent, under rare circumstances, a scan to finish - NASL plugins can have no timeout - minor change in the LaTeX report - Support for Sun Workshop 5 compiler - IRIX 6.2 support - HP/UX 10.20 support - Fixed a problem in report saving (saving as HTML would produce an XML file) - thanks to Scott Nichols (Scott.Nichols at globalintegrity.com) . changes by Jordan Hrycaj (jordan@mjh.teddy-net.com) - Fixed a problem in the random number generator
2000-10-15Update nessus to 1.0.5.frueauf1-2/+2
. changes by Renaud Deraison (deraison at nessus.org) : - added experimental KB saving, to prevent the audit to restart from scratch between two tests. See http://www.nessus.org/doc/kb_saving.html for details - added experimental detached scans. See http://www.nessus.org/doc/detached_scan.html for details - bug in the test of DoS attacks fixed (thanks to Christophe Grenier, Christophe.Grenier@esiea.fr) - minor changes in nessus-adduser - scripts that open a UDP socket read the result of a UDP scan first - when it receives a SIGHUP, nessusd first frees memory. It also closes and re-opens the nessusd.messages file - the plugin timeout is now user definable, in nessusd.conf - 64 bit compatible (nessusd would produce warnings when running on some 64 bit architectures). Thanks to the SuSE (http://www.suse.de) team for having given me access to an IA-64 to compile and try Nessus. . Changes by Jordan Hrycaj <jordan@mjh.teddy-net.com> - faster cipher layer . Other changes : - a GTK error would sometime be produced when the client is run in batch mode (Cyril Leclerc <cleclerc at boreal-com.fr>)
2000-08-06master site moved stuffhubertf1-15/+15
2000-08-03Update nessus to 1.0.4.frueauf1-2/+2
What is new in Nessus 1.0.4 : changes by Christoph Puppe (pluto at defcom-sec.com) : added "Sort by Port" to the report window. Reports are sorted first by holes, then by warnings, then by notes. Previous version only sorted by holes. changes by Renaud Deraison (renaud at nessus.org) : ftp related checks : the user can now supply a login/password for the ftp checks, and relies on the ftp banner if nessusd can't log into the ftp server (requested by Jens.Oeser at connector.de). libnessus : ftp_log_in() would sometime fail against some ftp servers better handling of large reports on the client side tests are saved on the server side and can be restored. Note that this is experimental and disabled by default. Do ./configure --enable-save-sessions to enable this feature, and read doc/session_saving.txt for details. better handling of targets with multiple web servers running continue to launch the DoS if the state of the remote host can not be determined fixed a bug in smb_login_as_users.nasl, and improved smb_accessible_shares.nasl added checks for unpassworded MySQLs and PostgreSQL databases nessusd uses less memory changes by Pavel Kankovsky (peak at argo.troja.mff.cuni.cz) : fixed a possible deadlock in the nessusd internal communication fixed a problem in the client that would make it crash if it received a malformed message from the server the client would not detect the death of the server when run in batch mode possible header confusion (with regex.h) fixed possible signal deadlock when exiting fixed Other changes : fixed a problem in the function is_cgi_installed() that may sometime not work against odd clients (Thomas Reinke (reinke at e-softinc.com)) fixed a bug in snmp_default_communities.nasl (Lionel Cons (lionel.cons at cern.ch)) fixed showmount.nasl (Paul Ewing Jr. (ewing at ima.umn.edu)) typo in showmount.nasl would prevent it to work over udp (ctor at krixor.xy.org)
2000-07-30Update nessus to 1.0.3.frueauf11-346/+68
Main change is the splitup into libnasl, nessus-libraries, nessus-core and nessus-plugins. Too many changes come with 1.0.3, but most noteable the number of checked security vulnerabilities increased and got updated. This is based on work Hubert Feyrer did on some former version.
2000-02-05RCS tags addedwiz3-0/+3
1999-10-22Use wildcard dependence for "gtk+" package.tron1-2/+2
1999-08-28Update dependency on gtk+-1.2.4rh1-2/+2
1999-08-20fix orderhubertf1-2/+2
1999-07-09Add package patch checksum files.agc1-0/+6
1999-05-02Update dependence for "gtk+" package to version 1.2.2.tron1-2/+2
1999-04-26add USE_X11=yesgarbled1-1/+2
1999-04-16Update dependence for "gtk+" package to version 1.2.1.tron1-2/+2
1999-03-23Adjust MASTER_SITES (the daily nessus-stable tar-file doesn't seem to bebouyer1-2/+2
fetchable from http).
1999-03-22Patches needed for 1.3.3.bouyer3-0/+97
1999-03-22Update to 990318.bouyer3-7/+16
1999-03-04Update dependence for "gtk+" package.tron1-2/+2
1999-02-10pkglint: cleanup Makefile and add missing rcs id.frueauf2-2/+4
1999-02-08Network security scannerhubertf6-0/+238