Releases: greenbone/openvas-scanner
OpenVAS Scanner v6.0.2
This is the second patch release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
Main changes compared to openvas-scanner 6.0.1:
- The call to wmiexec.py has been replaced with impacket-wmiexec, because
the symlink has been added in Debian Stretch with python-impacket 0.9.15-1.
- An issue which could have caused a truncated string in register_service()
has been fixed.
- Improve signal handling when updating the vhosts list.
- Increase size of buffer for preferences to allow for up to 105K NVTs.
- Perform the scan even if there are missing plugins in the nvticache.
- Drop HTTP sync.
- Use new URL for GCF rsync.
OpenVAS Scanner v7.0.0
Added
- An ID has been added to NVT preferences. #282
- A new NVT cross references data handling has been added. #317
- Add option --scan-stop. #352
- Add support to open an rc4 stream cipher, the function to encrypt stream data using the cipher handle,
and the function to close a handler. #354
- Add one single config for redis to config/redis-openvas.conf. #370
Changes
- Vendor version is now an option in the config file. #363
- The NVT preference format has been changed. #275
- Redis supported versions must be 3.2 or higher. #287
- Log directory is now configurable. #316
- The greenbone-nvt-sync script is not allowed to run as root. #323
- OpenVAS Scanner has been renamed to OpenVAS (Open Vulnerability Assessment Scanner). #337 #343
- Retry until a host finishes and frees a db before running a new host scan, in case there is no free redis db. Therefore an infinite loop has been added when it calls kb_new(). #340
- Use new nvti_add_tag() instead of plug_set_tag() and remove plug_set_tag(). #385
- Remove dead code about tags regarding former openvas settings "result_prepend_tags" and "result_append_tags". #386
- Check cache/feed errors during plugin scheduling. #358
- Use API for accessing NVTI elements. #365
Fixed
- An issue with stuck scans where only a single plugin is running and is beyond its timeout has been addressed. #289
- Fix a type mismatch. Use correct format specifier for size_t. #299
- An issue which caused falling back into a default port in get_ssh_port() has been fixed. #342
- An issue which could have caused a truncated string in register_service() has been fixed. #373
- Reset redis connection after the host scan finished. This avoids leaving fds open, which causes ulimit problems. #384
- Fix mis-identification of Sphinx Search service. #387
- Set a key in redis when the scan finishes and fix stop scan using the right pid. #390
- Fix detection of finger service. #391
- Wait for zombie process in case of timed out nvts. #379
- Fix handling of file type nvt preferences. #399
Removed
OpenVAS Scanner v6.0.1
This is the first patch release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
Main changes compared to openvas-scanner 6.0.0:
- An issue which caused the scanner to crash when a plugin is missing
during a scan has been addressed.
- An issue which caused a plugin to hang in nasl_pread() has been addressed.
- Lower-case format is used for values added from add_host_name().
- Do not launch the scan if the nvticache is corrupted or an error is detected
during the plugin schedule process.
- Issues in building process have been addressed.
- An issue which caused the manager to consider a scan as finished when it was
actually stopped has been addressed.
- An issue which caused possible null IP values in OTP results has been
addressed.
- An issue which caused forgotten children of children processes has been
addressed.
- The unfinished Advanced log feature has been removed.
- An issue which caused a plugin to finish immediately when a wrong
custom timeout was sent from the manager has been addressed.
- An issue which caused a scan to hang forever if there was no redis kb
available has been addressed.
- An issue which caused a plugin to use the default port when a custom port
is given has been addressed.
OpenVAS Scanner v6.0.0
This is the first release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.
Apart from this, the module covers a number of significant advances
and clean-ups.
Main changes compared to openvas-scanner 6.0+beta2:
- Function to get the currently running script filename has been added.
- Debugging nasl mechanism has been improved, replacing preprocessor directives
with g_debug facility.
- An issue related to the log facility and greenbone-nvt-sync has been fixed.
- OpenVAS reload has been improved.
- Code related to redis queries was improved.
- An issue which caused nasl-lint to fail in case of unneeded nested functions
has been addressed.
- An issue which caused returning erroneous values by
get_plugin_preference() has been addressed.
- An issue which caused stuck scans where only a single plugin is running
and is beyond its timeout has been addressed.
- Unused internal_send/recv() functions have been removed.
- Issues reported by static code analysis have been addressed.
- Issues in building process have been addressed.
- Several code improvements and clean-ups have been done.
- Documentation has been improved.
OpenVAS Scanner v6.0+beta2
This is the second beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
The module covers a number of significant advances and clean-ups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matt Mundell, Juan Jose Nicola,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to openvas-scanner 6.0+beta1:
- A new command line option 'scan-start' with a scan ID has been added. This
adds support for non-OTP clients.
- Handling of vhosts and multiple domain names has been improved.
- Setting 'kb_location' has been renamed to 'db_address'.
- Cleanup of plugin child processes has been improved.
- Routines for tcp and udp required ports checks have been improved.
- An issue caused by password quotation has been addressed.
- Script version has been removed.
- Script copyright has been removed.
- An issue which caused a hanging scan process has been addressed.
- An issue related to WMI_HANDLE which caused a segmentation fault has
been addressed.
- NASL get_host_names() API has been added.
- Several code style improvements have been done.
- Several performance improvements have been done.
- The plugin scheduler has been improved.
- Define MAXPATHLEN for specific downstream architectures.
- An issue which caused parameter pollution in certain NASL functions
has been addressed.
- NASL function resolve_host_name() has been added.
- Unused preference use_mac_addr has been removed.
- Issues in building process have been addressed.
- The default for expand_vhosts, if no preference was given, is set to yes.
- NASL function get_ssl_compression() has been removed.
- Compatibility mode in GnuTLS priority string has been enabled.
- GnuTLS RC4 + COMPAT in set_gnutls_protocol() have been enabled.
- Several issues reported by Coverity have been addressed.
- Documentation has been improved.
OpenVAS Scanner v5.1.3
This is the third maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Juan Jose Nicola, Timo Pollmeier, Jan-Oliver Wagner
and Michael Wiegand.
Main changes compared to 5.1.2:
- An issue which caused the scanner host process to get stuck searching
for plugins has been addressed.
- Dependency for openvas-libraries has been raised from 9.0.2 to 9.0.3.
- Checking routines for tcp and udp required ports have been improved.
- Handling of requests from manager during the plugin load up has been
improved.
- Support to specify a regex-based mandatory key has been added.
- New scanner option "time_between_request" has been added.
- NVT metadata cleanup has been improved.
OpenVAS Scanner v6.0+beta1
This is the first beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.
This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.
Apart from this, the module covers a number of significant advances
and clean-ups.
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Juan Jose Nicola, Bjoern Ricks,
Jan-Oliver Wagner and Michael Wiegand.
Main changes compared to 5.1:
- The required minimum version of new dependency GVM Libraries is 1.0.
- Many files which are only used for openvas-scanner have been moved to this
module from openvas-libraries. Therefore many include directives have been
adapted to the new source code. The dependency to module openvas-libraries
was removed.
- OTP has been changed regarding the NVT category: It is now sent as integer
instead of as a string.
- Plugin scheduler has been improved.
- NASL cryptography support has been updated.
- The use of winexe has been replaced with using wmiexec.py.
- Support for bigger numbers has been added to nasl_int function.
- The logging method has been completely re-arranged to follow the standard
logging methodology like all other GVM modules. Apart from unification,
essentially the scanner log now has timestamps.
- openvassd.dump does not exist anymore: The log information is now handled
via central logging with respective log domain.
- Log location has been moved to /var/log/gvm/.
- Support for using GLIB based logging has been added and logging messages
have been reviewed and improved.
- It is now possible to configure the logging via /etc/openvas/openvassd_log.conf
- openvas-nasl-lint has been improved.
- Handling of vhost has been improved.
- The scanner inter-process communication has been simplified.
- The use of struct arglist has been reduced; among others, the global struct for scans
has been changed to struct global_scan. Other uses of arglist were transformed
into redis-based data handling.
- Handling of non_simultaneous_ports_list has been improved.
- Handling of the plugin preferences and their communication to the client have
been improved.
- Host/dead and Host/ping_failed are checked before attempting to launch the
plugin.
- Greenbone NVT sync process has been improved: The scanner now detects on its own
when the feed was updated and automatically loads new and changed NVTs.
- Location of access key is now configurable.
- The NASL command script_id has been removed.
- The NASL command script_summary has been removed.
- Command line option --gnupg-home has been removed.
- openvas_popen has been replaced with GLib routine.
- Error handling has been improved.
- Documentation has been updated.
- Several memory management aspects have been improved.
- Various code cleanups and improvements, partly derived from static code analysis.
- The CMake building process was improved.
- Compilation issue with gcc 7 due to a switch fallthrough has been addressed.
- Minimum required version of glib has been raised to 2.42.
- Minimum required version of cmake has been raised to 3.0.
- Minimum required version of libssh has been raised to 0.6.0.
OpenVAS Scanner v5.0.9
This is the ninth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).
Many thanks to everyone who contributed to this release:
Hani Benhabiles, Christian Fischer, Jan-Oliver Wagner and Juan Jose Nicola.
Main changes compared to 5.0.8:
- Redis performance has been improved reducing the number of queries during
a scan.
- An issue related to the dependency cycle detection has been addressed.
OpenVAS Scanner v5.1.2
This is the second maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).
Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Björn Ricks, Michael Wiegand, and Juan José Nicola.
Main changes compared to 5.1.1:
- Plugin scheduling has been improved.
- An issue which caused segmentation faults under certain circumstances when
openvas-scanner was built with GnuTLS < 3.3.0 has been addressed.
- The use of hostname and IP while logging has been made more consistent.
- An issue which caused NVTs to be executed out of sequence has been addressed.
- An issue which caused the main scanner process to terminate prematurely when
receiving a SIGHUP signal under certain circumstances has been addressed.
- Increased dependency for openvas-libraries from 9.0.0 to 9.0.2.
- A Redis error is considered fatal and all running scans are stopped. A
message is sent to the client and the NVTs are reloaded.
- A new progress bar style in which dead hosts are not taken into account was
added, which makes the progress bar more realistic in terms of time.
- An issue which caused low scan performance has been addressed.
- The preference log_whole_attack is now a scanner-only preference.
- Several memory management issues have been addressed.
- Load-up plugins process is now a forked child process, which prevents main
process memory footprint growth.
- Plugin preferences are sent directly to the client.
- Full nvticache has been moved from .nvti files to Redis.
- An issue with dependency cycle detection has been addressed.
- An issue which caused complete deletion of nvticache before reloading has
been addressed.