Facebook Google Plus Twitter LinkedIn YouTube RSS Menu Search Resource - BlogResource - WebinarResource - ReportResource - Eventicons_066 icons_067icons_068icons_069icons_070

Tenable Announces the Release of Nessus 2.2.7

March 7, 2006

Columbia, MD

Nessus 2.2.7 contains several fixes for bugs which have been found during the 3.x developement process and have been backported to this branch. It also slightly extends the NASL language by adding support for arrays of arrays. We will use this feature in some key plugins (SMB in particular) within 6 months, so you should definitely upgrade to 2.2.7 or 3.0.x. Here is the list of changes:

nessus-libraries:

  • Fixed a NULL pointer dereferencement in the BPF server (this mostly affects OpenBSD and FreeBSD < 5)
  • The 'service' functions now only deal with the services file provided with Nessus (instead of using a mix of /etc/services and others)

libnasl:

  • Fixed off-by-one bugs in insstr() and str_replace() which would sometimes prevent these two functions from properly dealing with the last character of a string
  • Fixed tcp_ping() which was too aggressive and may therefore sometimes miss a live host
  • Fixed a bug in send() which would not properly validate the value of the 'length' variable
  • Now handle arrays of arrays
  • Fixed open_priv_sock_tcp() which would report a successful connection when timing out

nessusd:

  • Properly install the file 'nessus-services' in $prefix/var/nessus/
  • Bigger buffer when receiving preferences from the client (to avoid a possible truncation of the plugin list in the future)
  • Fixed a bug in the preferences parser which would cause nessusd to die on startup when processing a malformed preference file

nessus client:

  • Fixed an unlikely but potential segmentation fault when viewing the report in the GUI
  • Erase the credentials from memory after having used them (thanks to Sumiut Siddhart for noticing this)

plugins:

  • Fixed several bugs in find_services.c which would not properly set the key Transport/SSL or which may read some data beyond its buffer
  • Fixed a bad #if/#endif clause in nessus_tcp_scanner.c which prevented it from recomputing the RTT, hence negatively impacting the performance
  • nmap.nasl has been removed from the main distribution (to use nmap from within Nessus, read this page)

  More

About Tenable

Tenable™, Inc. is the Cyber Exposure company. Over 23,000 organizations of all sizes around the globe rely on Tenable to manage and measure their modern attack surface to accurately understand and reduce cyber risk. As the creator of Nessus®, Tenable built its platform from the ground up to deeply understand assets, networks and vulnerabilities, extending this knowledge and expertise into Tenable.io™ to deliver the world’s first platform to provide live visibility into any asset on any computing platform. Tenable customers include more than 50 percent of the Fortune 500, large government agencies and mid-sized organizations across the private and public sectors. Learn more at tenable.com.

Contact Information:

Cayla Baker
[email protected]
(443) 539-6476