Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Announces the Release of Nessus 2.2.7

March 7, 2006

Columbia, MD

Nessus 2.2.7 contains several fixes for bugs which have been found during the 3.x developement process and have been backported to this branch. It also slightly extends the NASL language by adding support for arrays of arrays. We will use this feature in some key plugins (SMB in particular) within 6 months, so you should definitely upgrade to 2.2.7 or 3.0.x. Here is the list of changes:

nessus-libraries:

  • Fixed a NULL pointer dereferencement in the BPF server (this mostly affects OpenBSD and FreeBSD < 5)
  • The 'service' functions now only deal with the services file provided with Nessus (instead of using a mix of /etc/services and others)

libnasl:

  • Fixed off-by-one bugs in insstr() and str_replace() which would sometimes prevent these two functions from properly dealing with the last character of a string
  • Fixed tcp_ping() which was too aggressive and may therefore sometimes miss a live host
  • Fixed a bug in send() which would not properly validate the value of the 'length' variable
  • Now handle arrays of arrays
  • Fixed open_priv_sock_tcp() which would report a successful connection when timing out

nessusd:

  • Properly install the file 'nessus-services' in $prefix/var/nessus/
  • Bigger buffer when receiving preferences from the client (to avoid a possible truncation of the plugin list in the future)
  • Fixed a bug in the preferences parser which would cause nessusd to die on startup when processing a malformed preference file

nessus client:

  • Fixed an unlikely but potential segmentation fault when viewing the report in the GUI
  • Erase the credentials from memory after having used them (thanks to Sumiut Siddhart for noticing this)

plugins:

  • Fixed several bugs in find_services.c which would not properly set the key Transport/SSL or which may read some data beyond its buffer
  • Fixed a bad #if/#endif clause in nessus_tcp_scanner.c which prevented it from recomputing the RTT, hence negatively impacting the performance
  • nmap.nasl has been removed from the main distribution (to use nmap from within Nessus, read this page)

  More

About Tenable

Tenable®, Inc. is the Cyber Exposure company. Over 24,000 organizations around the globe rely on Tenable to understand and reduce cyber risk. As the creator of Nessus®, Tenable extended its expertise in vulnerabilities to deliver Tenable.io®, the world’s first platform to see and secure any digital asset on any computing platform. Tenable customers include 53 percent of the Fortune 500, 29 percent of the Global 2000 and large government agencies. Learn more at tenable.com.

Contact Information:

Cayla Baker
[email protected]
(443) 539-6476

Stay up to date!

Subscribe to our email alerts for new press releases.

Subscribe for press release updates

Try for Free Buy Now

Try Tenable.io Vulnerability Management

FREE FOR 60 DAYS

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Sign up now and run your first scan within 60 seconds.

Buy Tenable.io Vulnerability Management

Enjoy full access to a modern, cloud-based vulnerability management platform that enables you to see and track all of your assets with unmatched accuracy. Purchase your annual subscription today.

65 assets

Try Nessus Professional Free

FREE FOR 7 DAYS

Nessus® is the most comprehensive vulnerability scanner on the market today. Nessus Professional will help automate the vulnerability scanning process, save time in your compliance cycles and allow you to engage your IT team.