| Age | Commit message (Collapse) | Author | Files | Lines |
|---|
|
Switch to MASTER_SITE_SOURCEFORGE.
|
|
|
|
1.1.15/1.2.0 :
. changes by Nicolas Dubee (ndubee@secway.com) :
- Better support for AF_UNIX sockets
. changes by Brian (bmc@snort.org) :
- CVE references
- several bugfixes in the plugins
. changes by Peter Gründl (pgrundl@kpmg.dk) and
Carsten Joergensen (carstenjoergensen@kpmg.dk) :
- Extensive review of the plugins and therefore numerous fixes
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- FD leak in save_kb.c fixed
. changes by Renaud Deraison (deraison at nessus.org)
- It is now possible to upload files to the server when using
the command line client
- lrand48() portability problems worked around
- fixed a bug in the report window that would make it crash
randomly
1.1.14 :
. changes by Renaud Deraison (deraison at nessus.org)
- SMB fixes (thanks to Michael Scheidell)
- When the safe checks option is enabled, dangerous tests with no
alternate code (ie: plugins of type ACT_DESTRUCTIVE_ATTACK and
ACT_DENIAL) are disabled
- Hosts can be designated by their MAC address of instead of their
IP address (mostly useful for DHCP networks)
- Fixed a bug in the report generation which would replace newlines (\n)
by semi-columns (;)
- Fixed a bug in the export of some types of reports, where open ports
with no data associated would not be saved
- Integrated THC's Hydra as a Nessus plugin
- Added new NT security checks (related to user management)
- Plugins of type ACT_SETTINGS can not be disabled
- Fixed a bug which would make nessusd hang when a scanner was reporting
too many open ports (as when a UDP scan reports all UDP ports as
being open)
. changes by Dion Stempfley (dion at riptech.com)
- The client can now filter on category
. changes by Axel Nennker (Axel.Nennker@t-systems.com)
- Fixed some plugins causing error messages in some circumstances
(dns_xfer.nasl, snmp_processes.nasl...)
- Stylish changes to prevent gcc -Wall from whining in some files
- XML NG output is now XML compliant
- Bug fixes
. changes by Jenni Scott (jenni.scott@guardent.com) and
Michael Slifcak (michael.slifcak@guardent.com) :
- Improved the reporting of the plugins (better consistency, better
wording)
1.1.13 :
. changes by Michel Arboi (arboi at algoriel.fr)
- New family ACT_SETTINGS dedicated to plugins which just let the user
enter some preferences
- Optional NIDS evasion techniques (url encoding, tcp slicing)
. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug in the command line client which would make it ignore
some preferences
- SMB checks can now log into a Windows domain
- NIDS evasion techniques (data injection, short ttl)
- Fixed a bug which would randomly stall the scan
1.1.12 :
. changes by Renaud Deraison (deraison at nessus.org)
- Workarounds on FreeBSD to prevent a kernel panic
(thanks to Michael Scheidell and Stefan Esser)
- nessus can export reports as other file formats again
1.1.11 :
. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug regarding the saving of reports from the GUI
- Improved the backend in many ways (speed-wise, content-wise)
- Changes in the protocol
- More messages are sent between the server and the client (timestamps,
plugins version, ...)
- New .nbe file format, which looks like .nsr but has more information
in it
- Plugins now have versions numbers.
- The user can upload his plugins to the nessusd server from the client
- It is now possible to upload files to the server (ie: nmap's results) in
command-line mode
- Fixed false positives in SNMP plugins when launched against a non-configured
Solaris snmpd
. changes by Guillaume Valadon (guillaume at valadon.net)
- New XML output (the XML layout was defined by Lionel Cons [lionel.cons at cern.ch])
1.1.10 :
. changes by Renaud Deraison (deraison at nessus.org)
- Fixed a bug introduced in 1.1.9 which would sometimes prevent a user from
aborting an on-going test
- Fixed a bug in the client which would prevent the user from setting a port
range longer than 255 chars
- Fixed bugs in pcap_next() (thanks to Richard van den Berg). Also, pcap_next() is now more flexible.
- Fixed a bug in the command line client which would make it close the
communication too early when the client - server communication is not
ciphered
- Added an "auto-load dependencies at runtime" option
1.1.9 :
. changes by Renaud Deraison (deraison at nessus.org)
- Fix in the GUI, when closing a saved report
- Fixed a bug in ftp_log_in() which would prevent nasl script from
logging into some FTP servers
- Solaris build problems fixed
- Darwin 1.4.1 build problems fixed
- MkLinux DR3 build problems fixed (is anyone using it anymore ?)
- GTK 1.0.x build problems fixed (the use of GTK 1.2 is recommended though)
- Fixed the "wrong call to getopt" problem which would make Nessus
segfault when built with cygwin, and which would prevent options
from working under Solaris & FreeBSD (thanks to Udo Schweigert)
- SMB checks speedup (thanks to Georges Dagousset's suggestion)
- Fixed a bug in the client - server communication that would make the
server close the communication when the client is idle
- Better support for AF_UNIX socket for client-server communication
(compile nessus-core with ./configure --enable-unix-socket)
- Plugins are disabled by default in batch mode
. changes by Michel Arboi (arboi at algoriel.fr)
- Client now properly checks the certificate of the server
. changes by Benoit Brodard (bbrodard at arkoon.net)
- fixed bugs in nasl/tcp.c (checksum, handling of unsigned int)
1.1.8 :
. changes by Renaud Deraison (deraison at nessus.org)
- Workaround for systems with a low number of bpfs (OpenBSD, Darwin)
- Added some length checks for SMB checks
- No more zombies
- Fixed accounts.nes
- Fixed the reporting of the client (reports would be mixed)
- Client removes tempfiles when exiting
- Repaired ptyexecvp() which would not work on Solaris
- Slight bugfix in the NASL interpretor
. changes by Georges Dagousset (georges at alert4web.com)
- More optimizations
- Properly reloads KBs with the same value defined more than once
- Fixes in some plugins dependencies
. changes by Michael Slifcak <Michael.Slifcak at guardent.com>
- More nmap options
- Quiet mode in nessus-adduser
1.1.7 :
. changes by Renaud Deraison (deraison at nessus.org)
- Compiles on platforms without OpenSSL
- Better Solaris support
- Ported under Darwin (many thanks to Dieter Fiebelkorn
(dieter at fiebelkorn.net) who actually started the port and helped
me test this)
- Unscanned ports can now be considered as closed or open (instead of
just open), at user choice
- Upgraded to libtool 1.4.2
- fixed a bug in the client which would make it display the wrong report
when doing multiple scans
- enhanced the plugins filter (that appear when pressing 'l' in the GUI)
- fixed a serious problem in the SMB plugins which would prevent them to work
against Samba and which would make them slow against Windows (pointed out
by Georges Dagousset)
. changes by Iouri Pletnev (Iouri.Pletnec at xacta.com)
- Ported under Cygwin
. changes by Michel Arboi (arboi at algoriel.fr)
- Added nessus-mkrand for hosts with no /dev/random AND no EGD
running
1.1.6 :
. changes by Renaud Deraison (deraison at nessus.org)
- EGD support for OpenSSL (do ./configure --enable-egd=/path/to/egd/socket
in nessus-libraries)
- KB items are now stored with individual dates instead of a global
date for the whole KB file. Yes, this means you have to delete your
old KB files
- When an host could not be pinged, his KB is not altered (nor created)
- fixed memory leaks in nessusd
- nessus-mkcert checks that the certificates were really created
before congratulating the user
- fixed a security problem where anybody with a shell on the nessusd
host could log in
1.1.5 :
. changes by Georges Dagousset (georges.dagousset at alert4web.com) :
- new KB entries for further "optimizations"
- improved find_services.nes
. changes by Renaud Deraison (deraison at nessus.org) :
- cleaned up the KB
- added doc/kb_entries.txt
- bugfix in find_services regarding the pem password
- new reporting GUI
- fixed a problem which would leave some plugin run against a host
considered as dead
- the KB are now stored with properly escaped \n and \r chars
- greatly improved tcp_ping.nasl (and tcp_ping() in libnasl)
. changes by Michel Arboi (arboi at algoriel.fr) :
- replaced PEKS by OpenSSL in the client/server communication
. changes by H D Moore (hdm@secureaustin.com)
- fixed no404.nasl
1.1.4 :
. changes by Renaud Deraison (deraison at nessus.org) :
- fixed find_services.nes
- plugins that are slow to finish are _really_ killed by the server
- the client better handles the scan of big networks
- nmap_wrapper now updates its progress bar
- nessus-update-plugins support proxies (with or without authentication)
- monitor_backend.c and data_mining.c allow any developer to plug
a database behind the client (by default flatfiles are used)
- bug fixed in nmap_wrapper which would make it kill its parent
process randomly
- minor fix in the tcp_ping() function of NASL (ack would be set
to non-zero for a syn packet)
- fixed Alexis's ftp_write_dirs.nes & ftp_bounce_scan.nes
. changes by Michel Arboi (arboi at noos.fr) :
- find_services accepts password-protected .pem files
- patches in the way files were transmitted between the client
and the server (which could end up in a deadlock)
. changes by Alexis de Bernis <alexisb at tpfh.org) :
- fixed ftp_write_dirs.nes
1.1.3 :
. changes by Renaud Deraison (deraison at nessus.org) :
- added the plugin 'torturecgis.nasl' which supplies bogus args to
the remote CGIs, in order to find the most blantantly broken
ones
- webmirror.nasl now retrieves the list of arguments of each
CGI.
- added filter support in the client. Use the key 'l' to filter
out plugins you don't want to see.
- added the 'safe checks' option which allow the user to not disturb
the network (but which weakens the Nessus tests)
- disabled backward support for port 3001 - the official port
is 1241 now.
1.1.2 :
. changes by Renaud Deraison (deraison at nessus.org) :
- added the plugin 'webmirror.nasl', which extracts the list of
CGIs used by a remote web server (and will do much more).
- fixed a problem in NASL due to the SSL patch that would cause
a fd leak with some plugins.
- added a new plugin category (ACT_DESTRUCTIVE_ATTACK) for plugins
that may harm the remote host.
- SSL certificates & key can be imported
- corrected a bug introduced in 1.1.0 that would make the client not display
the name of the plugin currently being run.
- sending signal SIGUSR1 to nessusd makes the grandfather process (the one
who listens on tcp ports) die without killing its children, thus
allowing a smooth upgrade of nessusd
- updated config.guess and config.sub
1.1.1 :
. changes by Renaud Deraison (deraison at nessus.org) :
- fixed mem leaks in NASL
- fixed a bug introduced in 1.1.0 regarding recv_line()
- fixed a bug introduced in 1.1.0 in the process management of the plugins
(all the KB would not be filled, resulting in incomplete tests)
- smb_sid2user.nasl is twice as fast ;)
1.1.0 :
. changes by Devin Kowatch (devink at SDSC.EDU) :
- fixed communication problem between client and server
- user-defined timing policy in nmap
- nessus-update-plugins uses wget (or any user-supplied command at
compilation time) if available.
. changes by Michel Arboi (arboi at bigfoot.com) :
- support for the -T option of nmap
- SSL support
. changes by Zorgon (zorgon at antionline.org) :
- support for the --os_guess option of nmap
. changes by Renaud Deraison (deraison at nessus.org) :
- the user can upload files to plugins through the client (ie: it is possible
to upload nmap's results directly to the nmap plugin)
- tests can be run in parallel now
- each user is now granted a home by nessus-adduser
- added nessus-rmuser
- per users plugins
Of course several new plugins were added as well.
|
|
Changes since 2.4.18:
- Corrected nasty bug in init code
- Corrected problems in Makefiles
- Minor bug fixes
- Corrected bug in mcrypt_module_open()
- Cleanups in the code.
|
|
|
|
* Secret keys are now stored and exported in a new format which
uses SHA-1 for integrity checks. This format renders the
Rosa/Klima attack useless. Other OpenPGP implementations might
not yet support this, so the option --simple-sk-checksum creates
the old vulnerable format.
* The default cipher algorithm for encryption is now CAST5,
default hash algorithm is SHA-1. This will give us better
interoperability with other OpenPGP implementations.
* Symmetric encrypted messages now use a fixed file size if
possible. This is a tradeoff: it breaks PGP 5, but fixes PGP 2,
6, and 7. Note this was only an issue with RFC-1991 style
symmetric messages.
* Photographic user ID support. This uses an external program to
view the images.
* Enhanced keyserver support via keyserver "plugins". GnuPG comes
with plugins for the NAI LDAP keyserver as well as the HKP email
keyserver. It retains internal support for the HKP HTTP
keyserver.
* Nonrevocable signatures are now supported. If a user signs a
key nonrevocably, this signature cannot be taken back so be
careful!
* Multiple signature classes are usable when signing a key to
specify how carefully the key information (fingerprint, photo
ID, etc) was checked.
* --pgp2 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 2.x.
* --pgp6 mode automatically sets all necessary options to ensure
that the resulting message will be usable by a user of PGP 6.x.
* Signatures may now be given an expiration date. When signing a
key with an expiration date, the user is prompted whether they
want their signature to expire at the same time.
* Revocation keys (designated revokers) are now supported if
present. There is currently no way to designate new keys as
designated revokers.
* Permissions on the .gnupg directory and its files are checked
for safety.
* --expert mode enables certain silly things such as signing a
revoked user id, expired key, or revoked key.
* Some fixes to build cleanly under Cygwin32.
* New tool gpgsplit to split OpenPGP data formats into packets.
* New option --preserve-permissions.
* Subkeys created in the future are not used for encryption or
signing unless the new option --ignore-valid-from is used.
* Revoked user-IDs are not listed unless signatures are listed too
or we are in verbose mode.
* There is no default comment string with ascii armors anymore
except for revocation certificates and --enarmor mode.
* The command "primary" in the edit menu can be used to change the
primary UID, "setpref" and "updpref" can be used to change the
preferences.
* Fixed the preference handling; since 1.0.5 they were erroneously
matched against against the latest user ID and not the given one.
* RSA key generation.
* It is now possible to sign and conventional encrypt a message (-cs).
* The MDC feature flag is supported and can be set by using
the "updpref" edit command.
* The status messages GOODSIG and BADSIG are now returning the primary
UID, encoded using %XX escaping (but with spaces left as spaces,
so that it should not break too much)
* Support for GDBM based keyrings has been removed.
* The entire keyring management has been revamped.
* The way signature stati are store has changed so that v3
signatures can be supported. To increase the speed of many
operations for existing keyrings you can use the new
--rebuild-keydb-caches command.
* The entire key validation process (trustdb) has been revamped.
See the man page entries for --update-trustdb, --check-trustdb
and --no-auto-check-trustdb.
* --trusted-keys is again obsolete, --edit can be used to set the
ownertrust of any key to ultimately trusted.
* A subkey is never used to sign keys.
* Read only keyrings are now handled as expected.
|
|
|
|
|
|
|
|
April 22, 2002
New releases of RATS and EGADS
RATS 1.4 and EGADS 0.9 have been released. In addition to bugfixes for
both RATS and EGADS, RATS 1.4 includes additional win32 functions in
the database.
|
|
- Fixed COMMENT
- Updated DESCR
Changes :
- The SvPVbyte in perl-5.6.1 is buggy. Use the one from 5.7.3
instead.
- Give warning if the function interface is used as instance
methods: $md5->md5_hex().
|
|
the latter is not appropriate. The former defaults to the latter.
Bump version to 1.12. Per discussion with Alistair Crooks.
|
|
file descriptor leak fix.
null encryption algorithm key length fix (should use 0).
couple of null-pointer reference fixes.
set port # to 500 in ID payload (possible interop issue - spec is unclear).
correctly match address pair on informational exchange.
|
|
http://www.globalintersec.com/adv/sudo-2002041701.txt
(Approved by hubertf.)
|
|
in NetBSD 1.5.x.
|
|
|
|
* a lot of bug fixes
|
|
- fmt on DESCR
Changes :
- calling context_init twice destroyed global context. fix from
Jason Heiss <jheiss@ofb.net>.
- file handle tying interface implementation moved to a separate
class to prevent problems resulting from self-tying filehandles.
Harmon S. Nine <hnine@netarx.com>.
- docs/debugging.txt file added
- require Net::SSLeay v1.08
- preliminary support for non-blocking read/write
- socketToSSL() now respects context's SSL verify setting
reported by Uri Guttman <uri@stemsystems.com>.
|
|
- change my email address
Changes since p5-Net-SSLeay-1.13 :
- added code to Makefile.PL to verify that the same C compiler
is used for both perl and openssl
- added code to Makefile.PL to support aCC on HPUX. Detective
work contributed by Marko Asplund.
- added peer certificate support to hilevel API, inspired
by mock@@_obscurity.org
- added `use bytes' from Marcus Taylor <marcus@@semantico_.com>
This avoids unicode/utf8 (as may appear in some XML docs)
from fooling the length comuptations.
|
|
|
|
|
|
|
|
This time dat-4196.
|
|
Stephen Borrill <netbsd@precedence.co.uk>.
|
|
|
|
newer libmcrypt (>=2.4.x) seem to cause core dumps.
Import approved by Alistair <agc@netbsd.org>.
|
|
and so needs the emulation packages if we run on a later release.
|
|
|
|
OK'd by martti and garbled.
Changelog:
04 Mar 2002; changed license from "GPL, v2 or later" to "GPL v2".
04 Mar 2002; added "keychain.cygwin" for Cygwin systems. It may be time to
follow this pattern and start building separate, optimized scripts for each
platform so they don't get too sluggish. Maybe I could use a C preprocessor
for this.
06 Dec 2001; several people: Solaris doesn't like '-e' comparisons; switched
to '-f'
|
|
o move virus definitions
|
|
Rationale: get rid of the dependency on kth-krb4 on NetBSD>=1.5 systems.
For older systems, we provide full functionality via a (now buildlinked)
kth-krb4.
|
|
This is a prerequisite step for the new arla version (0.35.7).
While here, buildlinkify.
|
|
|
|
|
|
|
|
- Change DH group handling in the pre-generated parts of the
configuration. Add a -GRP{1,2,5} component to transform and suite
names to directly specify which group to use. If no group is
specified, use DH group 2 (MODP_1024). Earlier transforms and suites
using the MD5 hash defaulted to DH group 1, this is no longer true.
- Unbreak MD5 and SHA1 passphrases in policy check.
- Don't message_dump_raw() bad length messages, i.e too short.
- Fix a couple of snprintf length bugs.
- Compile without warnings for older/newer OpenSSL.
|
|
|
|
This helps on Solaris.
|
|
|
|
so the compiler is killed when it spins.
XXX needs fixing
|
|
|
|
|
|
Rodolphe de SAINT LEGER.
|
|
|
|
PR 15799
NeTraMet Version History
========================
v4.4 20 Feb 02
In examples/ directory, moved old rules.* examples
to non_srl. The srl examples are now in the
examples/ directory.
SNMP security issues. I've tested NeTraMet's
SNMP code using the PROTOS test suite. A test
for negative lengths in the ASN.1 parsing code
has been added - that was the only change needed.
The SNMP routines (in snmplib/) perform a lot of
parameter checks, and calls on an ERROR() define.
By default ERROR does nothing. If you're tesing
an SNMP manager against NeTraMet, you can turn
those messages on by adding -DDEBUG to the CFLAGS=
line in snmplib/Makefile and rebuilding the
snmp library.
Change 'interface number' attributes to use
16-bit integers instead of 8-bit. This can
be useful when using NetFlowMet.
v4.4b11 25 Nov 01 Implement -C option for nm_rc, exactly as in
NeMaC. This allows you to use nm_rc to test
rulesets against trace files being read by
crl_ntm or dd_ntm. Sample commands to do this
are:
./crl_ntm -T5 -m1234 -Strace_file -wW~com
./nm_rc -C -m1234 -rpeers.rules localhost W~com
Note: you need CoralReef version 3.5 to build
crl_ntm!
Speed improvements in flowhash:
- move code which doesn't need to be executed
on every call outside blocks in match()
- implement list of running rulesets, instead
of doing serial searches of ri[] table
- use 32-bit hash values for flow and stream
hash tables, use table size specified by
user (rather than trying to pick a prime
above it - that doesn't help, since we
use a set of distinct primes for hashing)
Use long long integers (8 bytes) for counter64
if the host supports them. Newer Pentiums do,
this provides a useful speedup.
Change 'shutdown' request character. It was
a single ESC, but it's too easy to hit a key
which sends an escape sequence! Now you have
to type ESC ESC Return to shut down the meter.
Fix little problems which gave warning messages
when building NeTraMet on an alpha running
Digital Unix. The configure script wasn't
recognising the OS correctly; this didn't
cause problems because none of the programs
have defines testing this any more.
MinPDUs gave compilation errors on alpha,
fixed by adding c64geint() define.
Linux kernel reset promiscuous mode when
forking a NeTraMet daemon. Changed meter_ux.c
to fork first, then open the interfaces.
NeTraMet, NetFlowMet, LfapMet, crl_ntm, dd_ntm
(i.e. all the meters) write error messages and
summary information to a log file using log_msg(),
in the same way as NeMaC. The name of the log
file is meter.log, it will be written in the
directory where the meter starts running.
v4.4b10 23 May 01 LfapMet: RTFM meter for LFAP, code contributed
by Remco Poortinga, <r.poortinga@home.nl>
Added files in src/meter
- README_LfapMet Notes about LfapMet
- lfapmet.h LfapMet globals
- lfapmet.c LfapMet support routines
Added two new MIB variables to reader row,
MinPDUs (default 0) and TimeMark. A flow must
have at least MinPDUs either to or from before
it will be read by a meter reader. TimeMark
is needed to associate an SNMP getnext request
with a particular reader.
MinPDUs can be set using the -M option.
nifty default is -M20, NeMaC default is -M0
Improved save.sav so that it only saves the
files we really need in the NeTraMet distribution.
v4.4b9 11 Apr 01 Fixed bug in NeMaC include statement.
getarg() no longer allows semicolon in an
argument.
Fixed srl compiler bug; optimise 3 wasn't
recognising the end of AND expressions
properly.
NeMaC could fail to open a flow data file
(e.g. because it already existed with
no write access); it now reports this
and doesn't try to run that meter/ruleset.
NeTraMet Coral interface improved to handle
two Dag cards properly. Reads blocks of
cells from each then merges them by timestamp.
NeTraMet uses -Siii to specify a Coral source
(instead of -C'source iii' *****).
|
|
because of the change to ${MACHINE_GNU_PLATFORM}.
|
|
- USE_GMAKE.
- use tcl's buildlink.mk.
* Release 2.3.1 (2002/03/15)
Changed any potentially unsafe sprintf/vsprintf instances to
snprintf/vsnprintf. There should never have been a remote exploit possible,
this just eliminates any theoretical local ones in case someone has a reason
to run this as root ... (Note that use of these functions may be an issue
on some platforms although they do appear in the UNIX98 spec and exist
on Windows).
Allowed CIDR address specifications for target (and server name in listenmode).
Added IP address checking with the "checkaddress" keyword.
Finally caved in and added "httpproxy" to allow connection via a web proxy
server using "CONNECT".
Added "transparent" keyword to attempt to act as a transparent proxy and
forward on the client IP address. It may work on Linux 2.0/2.2. But then
again, it might not ...
* Release 2.3.0 (2002/03/07)
New functionality (at last!).
Added "listenip" and -b option to set listening address.
Added "tcptimeout" and "idletimeout" to allow inactive TCP tunnels to be
closed.
Added "ipmode" and -U option to support mixed traffic mode for a single
client or server.
Makefile changes for Irix and HPUX from Kyle Dent. Others to use latest
version of mingw gcc and force use of "native" perl.
Note that Zebedee will now be linked with MSVCRT.DLL. That should only
be a problem on an old Win95 machine.
Japanese documentation NOT YET updated.
|
|
Since ruby 1.6.6 and lator have digest/sha1 library.
|
|
|
|
|
