How do I go about downloading Nessus 3.0.2? Is it available on your web
site to licensed customers?
Jon Scarantino
Network Manager
Fidelity Information Services
ACBS Group
858-703-2410
Blackberry 858-837-1976
jscarant@acbs.com
-----Original Message-----
From: nessus-announce-bounces@list.nessus.org
[mailto:nessus-announce-bounces@list.nessus.org] On Behalf Of Renaud
Deraison
Sent: Tuesday, March 07, 2006 9:15 AM
To: Nessus List; nessus-announce@list.nessus.org
Subject: [Nessus-announce] Nessus 3.0.2 / 2.2.7 released !
Hi,
Tenable is happy to announce the availability of Nessus 3.0.2 and 2.2.7.
Both versions contain improvements and bug fixes over their previous
iteration.
Nessus 3.0.2
-------------
Nessus 3.0.2 provides further improvements over the previous release,
and also fixes several bugs :
nessusd :
- Fixed a problem causing the scan to hang if max_checks was set to a
value which is way too high
- Plugged a small memory leak occuring when re-using the same connection
to perform an additional scan
- Plugged a small memory leak in the plugins scheduler
- Fixed bug#1426 (crash on startup when processing a malformed
nessusd.conf file)
- Improved the 'default' list of ports to scans with a new file
'nessus-services'
nessus :
- 'nessus -V' (verbose) works again
nasl :
- A new function, inject_packet(), can write directly to layer 2
- The function 'end_denial()' would not work when used in command- line
mode
- Fixed a potential bus error occuring on memory exhaustion
- Fixed an integer overflow causing a segfault when processing some kind
of malformed script
libnessus :
- Fixed a bug in the SSL transport layer which may cause
find_services.nes to hang longer than expected on SSL_read()
- Fixed the function in charge of getting the list of network interfaces
which would get a wrong netmask when dealing with an interface alias
plugins :
- Fixed several bugs in find_services.c which would not properly set the
key Transport/SSL or which may read some data beyond its buffer
- Fixed a bad #if/#endif clause in nessus_tcp_scanner.c which prevented
it from recomputing the RTT, hence negatively impacting the performance
- nmap.nasl has been removed from the main distribution (to use nmap
from within Nessus, read <http://www.nessus.org/u?e56c945b>)
Nessus 2.2.7
-------------
Several fixes for bugs which have been found during the 3.x developement
have been backported to Nessus 2.2.7.
Nessus 2.2.7 also slightly extends the NASL language by allowing it to
return arrays of arrays.
** We will use this functionality in some key plugins (SMB in
particular) within six months, so you should definitely upgrade to
2.2.7 or 3.0.x. **
nessus-libraries :
- Fixed a NULL pointer dereferencement in the BPF server (this mostly
affects OpenBSD and FreeBSD < 5)
- The 'service' functions now only deal with the services file provided
with Nessus (instead of using a mix of /etc/services and
others)
libnasl :
- Fixed off-by-one bugs in insstr() and str_replace() which would
sometimes prevent these two functions from properly dealing with the
last character of a string
- Fixed tcp_ping() which was too aggressive and may therefore sometimes
miss a live host
- Fixed a bug in send() which would not properly validate the value of
the 'length' variable
- Now handle arrays of arrays
- Fixed open_priv_sock_tcp() which would report a successful connection
when timing out
nessusd :
- Properly install the file 'nessus-services' in $prefix/var/nessus/
- Bigger buffer when receiving preferences from the client (to avoid
a possible truncation of the plugin list in the future)
- Fixed a bug in the preferences parser which would cause nessusd to
die on startup when processing a malformed preference file
nessus :
- Fixed an unlikely but potential segmentation fault when viewing the
report in the GUI
- Erase the credentials from memory after having used them (thanks to
Sumiut Siddhart for noticing this)
plugins :
- Fixed several bugs in find_services.c which would not properly set
the key Transport/SSL or which may read some data beyond its buffer
- Fixed a bad #if/#endif clause in nessus_tcp_scanner.c which
prevented it from recomputing the RTT, hence negatively impacting the
performance
- nmap.nasl has been removed from the main distribution (to use nmap
from within Nessus,
read <http://www.nessus.org/u?e56c945b>)
-- Renaud
_______________________________________________
Nessus-announce mailing list
Nessus-announce@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus-announce
_______________________________________________
Nessus mailing list
Nessus@list.nessus.org
http://mail.nessus.org/mailman/listinfo/nessus
