openvas-scanner

21.4.1 - 2021-06-23

Added

• Improve nasl linter to catch more cases of undeclared variables. #728
• Add deprecation warning for source_iface related settings which will be removed with the 21.10 release. #732
• New Credentials for SSH to get su privileges. Backport of #744. #753

Changed

• Update default log config #711

Fixed

• Use host from the original hosts list when boreas is enabled. #725
• Initialize the the kb to store results for openvas-nasl #735
• Fix unittest. Mock kb_lnk_reset. #748

Removed

20.8.2 - 2021-06-23

Added

• Check for wrong names or values in the script_xrefs params.
  #650
  #653
• Log a message if the scanner did not launch all plugins against a host.
  #700
  #734

Changed

• Replace bogus data with a better message and the vendor. #665
• Improve log message for WMI connect failed or missing WMI support. #670
• Don't use g_error. Use g_warning instead and let the scanner to continue. #710
• Update COPYING file. #750
• Set file permissions when syncing community feed #769

Fixed

• Fix issues discovered with clang compiler. #654
• Fix gcc-9 and gcc-10 warnings. #655
• Fix double free in nasl_cert_query. #658
• Fix message to the client if there is a iface problem. #695
• Fix SIGSEGV when no best route is found. #702
• Fix host count when reverse_lookup_only is enabled. #715
• Use host from the orignal hosts list when boreas is enabled. Backport of PR #727. #725
• The function description of nasl_ssh_shell_read() has been fixed. #755

Removed

• Remove code from the openvas daemon era. Do not flushall redis. #689
• Remove deprecated option logfile. #713

Added

• Add scanner-only option to enable tls debugging. #558
• Extend nasl lint to detect if function parameter is used twice. #585
• Add option to specify if a host can be scanned through its IPv4 and IPv6 in parallel.
  #604
  #645
• Add insert_tcp_options and insert_tcp_v6_options nasl functions. #618
• Add get_tcp_option and extend dump_tcp_packet nasl functions. #621
• Add new scanner only option for spawning NASL functions with a different owner. #634
• Add debug logs for allow_simultaneous_ips=no. #685
• Add min_free_mem and max_sysload scanner only options. #690

Changed

• Store results in main_kb instead of host_kb. #550
• Also use internal function name in some nasl log messages. #611
• Move more scanner preferences to gvm-libs to make them available for openvas-nasl. #614

Removed

• Use the nvticache name from gvm-libs, defined in nvticache.h. #578

Added

• Extend nasl lint to detect if function parameter is used twice. #590
• Add support for TLSv1.3. #588#598
• Add alternative for supporting snmp during scans. #594
• Add resolve_hostname_to_multiple_ips() NASL function. #596
• Send message to the client with hosts count. #606
• Use nasl_perror on invalid input and add more documentation. #608
• Add timeout argument to ssh_connect() nasl function to set the connection timeout. 631

Changed

• Downgrade wmi queries log level for common errors.
  #602
  #607
• Rename some nasl functions and func parameters for consistency and fix byte order issue in get_ipv6_element. #613
• Change log level from debug to message to show max_host and max_scan during scan start. #626

Fixed

• Fork vhosts before creating the socket.#576
• Check if another forked child has already added the same vhost. #581
• Send duplicated hosts as dead hosts to ospd, to adjust scan progress calculation. #586
• Only send the signal if the pid is a positive value. #593
• When routes with same mask are found the route with the better metric is chosen.
  #593
  #639
• Fix malformed target. #625
• Fix snmp result. Only return the value and do not stop at the first \n. #627
• Fix masking of IPv6 addresses. #635
• Fix technique switch for getting the appropriate interface to use for IPv6 dst addr. #636
• Fix host count. Set to -1 when the target string is invalid. #646

Added

• Create greenbone-nvt-sync create lock file during feed sync.
  #458
  #459
• Extend script_get_preference() to get the value by id. #470
• Add extended environmental variables info to greenbone-nvt-sync help text. #488
• Extend nasl functions which generate results with optional "uri" parameter #526
• Add nasl function to get the host kb index. #530
• Print the filter used by pcap in the error message.
  #537
  #540

Changed

• The logging of the NASL internal regexp functions was extended to include the pattern in case of a failed regcomp(). #397
• Add config for gpg keyring path (OPENVAS_GPG_BASE_DIR) #407
• Use func instead of FUNCTION #419
• Use pcap_findalldevs() instead of deprecated function pcap_lookupdev() #422 #430
• Add port-range option for openvas-nasl #431
• Add test_alive_hosts_only feature. #456
• Don't reload the plugins when start a new scan. #458
• Drop http feed sync. #478
• Add aligned summary to log at scan end. #496
• Unify log messages about start/end of scan and of hosts. #500
• Use flock to lock the feed lock file. #507
• Move alive detection module (Boreas) into gvm-libs #519
• Allow to set all legal types of icmp v6 in icmp header in openvas-nasl. #542
• The output of the NASL dump_* packet forgery functions was made consistent. #555
• Make drop_privileges setting a scanner-only preference. #557
• Feed lock path is now configurable. #574

Fixed

• Improve signal handling when update vhosts list. #425
• Wait for all children instead of waiting just for one a time. #428
• Don't detect MongoDB as a HTTP service. #447
• Set status finished and send a message if the port list is invalid. #453
• Fix format-truncation warning in GCC 8.2 and later. #461
• Clean the new kb when the scan was stopped and the host has not been started. #494
• Prevent child deadlock. #491
• Memleak fixes for kb_item_get_str(). #502
• Fix denied hosts. #510
• Fix openvas-nasl. Add kb key/value for all vhosts. #533
• Wait for last plugin to finish before change to other category. #534
• Corrected function parameter names in nasl_perror calls. #539
• Various updates to the nasl_perror() error texts. #539
• Fix icmp checksum calculation in openvas-nasl. #543
• Fix ipv6 flow label in nasl_packet_forgery_v6() for openvas-nasl. #545
• Fix name of NASL internal IPPROTO_IP variable. #552
• Fix byte ordering and wrong PROTO identifier in dump_ipv6_packet() for openvas-nasl. #549
• Fix size calculation which lead to alloc error in get_tcp_element() of openvas-nasl. #546
• Fix filter out of default 'radio' type preferences #560
• Allow group access to lockfile and fix empty timestamp #562

Removed

• Removed "network scan" mode. This includes removal of NASL API methods "scan_phase()" and "network_targets()". Sending a "network_mode=yes" in a scanner configuration will have no effect anymore. #493

This is the second patch release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

Main changes compared to openvas-scanner 6.0.1:

• The call to wmiexec.py has been replaced with impacket-wmiexec, because
  the symlink has been added in Debian Stretch with python-impacket 0.9.15-1.
• An issue which could have caused a truncated string in register_service()
  has been fixed.
• Improve signal handling when update vhosts list.
• Increase size of buffer for preferences to allow for up to 105K NVTs.
• Perform the scan even if there are missing plugins in the nvticache.
• Drop HTTP sync.
• Use new URL for GCF rsync.

Added

• Display gvm-libs version in openvas --version output #436
• Create greenbone-nvt-sync create lock file during feed sync.
  #457
  #460
• Extend script_get_preference() to get the value by id. #471

Changed

• Improve handling of invalid or existent ids of nvt's preference id. #416
• Perform a scan even if there are missing plugins. #439
• Don't reload the plugins when start a new scan. #457
• Use new URL for GCF rsync. #474

Fixed

• Do not store in memory an empty file received as nvt preference. #409
• Fix stop scan. #414
• Fix hanging scans. #423
• Improve signal handling when update vhosts list. #426
• Wait for all children instead of waiting just for one a time. #429
• Fix format-truncation warning in GCC 8.2 and later. #462

Removed

• Drop HTTP sync #489

Added

• An ID has been added to NVT preferences. #282
• A new NVT cross references data handling has been added. #317
• Add option --scan-stop. #352
• Add support to open an rc4 stream cipher, the function to encrypt stream data using the cipher handle,
  and the function to close a handler. #354
• Add one single config for redis to config/redis-openvas.conf. #370

Changes

• Vendor version is now an option in the config file. #363
• The NVT preference format has been changed. #275
• Redis supported versions must be 3.2 or higher. #287
• Log directory is now configurable. #316
• The greenbone-nvt-sync script is not allowed to run as root. #323
• OpenVAS Scanner has been renamed to OpenVAS (Open Vulnerability Assessment Scanner). #337 #343
• Retry until a host finishes and frees a db before running a new host scan, in case there is no free redis db. Therefore a infinite loop has been added when it call kb_new(). #340
• Use new nvti_add_tag() instead of plug_set_tag() and remove plug_set_tag(). #385
• Remove dead code about tags regarding former openvas settings "result_prepend_tags" and "result_append_tags". #386
• Check cache/feed errors during plugin scheduling. #358
• Vendor version is now an option in the config file. #363
• Use API for accessing NVTI elements. #365

Fixed

• An issue with stuck scans where only a single plugin is running and is beyond its timeout has been addressed. #289
• Fix a type mismatch. Use correct format specifier for size_t. #299
• An issue which caused falling back into a default port in get_ssh_port() has been fixed. #342
• An issue which could have caused a truncated string in register_service() has been fixed. #373
• Reset redis connection after the host scan finished. This avoids to leave open fd, which cause ulimit problems. #384
• Fix mis-identification of Sphinx Search service. #387
• Set a key in redis when the scan finishes and fix stop scan using the right pid. #390
• Fix detection of finger service. #391
• Wait for zombie process in case of timed out nvts. #379
• Fix handling of file type nvt preferences. #399

Removed

• Unused be_nice scan preferences has been removed. #313
• OTP has been entirely removed in favor of using the ospd-openvas interface. #333 #351
  #337 #389
• Daemon mode has been entirely removed. #337 #341

This is the first patch release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

Main changes compared to openvas-scanner 6.0.0:

• An issue which caused the scanner to crash when a plugin is missing
  during a scan has been addressed.
• An issue which caused a plugin to hang in nasl_pread() has been addressed.
• Lower-case format is used for values added from add_host_name().
• Do not launch the scan if the nvticache is corrupted or an error is detected
  during the plugin schedule process.
• Issues in building process have been addressed.
• An issue which caused the manager to consider a scan as finished when it was
  actually stopped has been addressed.
• An issue which caused possible null IP values in OTP results has been
  addressed.
• An issue which caused forgotten children of children processes has been
  addressed.
• The unfinished Advanced log feature has been removed.
• An issue which caused a plugin to finished immediately when a wrong
  custom timeout was sent from the manager has been addressed.
• An issue which caused a scan to hang for ever if there was no redis kb
  available has been addressed.
• An issue which caused a plugin to use the default port when a custom port
  is given has been addressed.

This is the first release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.

Apart from this, the module covers a number of significant advances
and clean-ups.

Main changes compared to openvas-scanner 6.0+beta2:

• Function to get the currently running script filename has been added.
• Debugging nasl mechanism has been improved, replacing preprocessor directives
  with g_debug facility.
• An issue related to the log facility and greenbone-nvt-sync has been fixed.
• OpenVAS reload has been improved.
• Code related to redis queries was improved.
• An issue which caused nasl-lint to fail in case of unneeded nested functions
  has been addressed.
• An issue which caused returning erroneous values by
  get_plugin_preference() has been addressed.
• An issue which cause stuck scans where only a single plugin is running
  and is beyond its timeout has been addressed.
• Unused internal_send/recv() functions have been removed.
• Issues reported by static code analysis have been addressed.
• Issues in building process have been addressed.
• Several code improvements and clean-ups have been done.
• Documentation has been improved.

This is the second beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

The module covers a number of significant advances and clean-ups.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Matt Mundell, Juan Jose Nicola,
Bjoern Ricks, Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to openvas-scanner 6.0+beta1:

• A new command line option 'scan-start' with a scan ID has been added. This
  add support for non-OTP clients.
• Handling of vhosts and multiple domain names has been improved.
• Setting 'kb_location' has been renamed to 'db_address'.
• Cleanup of plugin child processes has been improved.
• Routines for tcp and udp required ports checks have been improved.
• An issue caused by password quotation has been addressed.
• Script version has been removed.
• Script copyright has been removed.
• An issue which caused a hanging scan process has been addressed.
• An issue related to WMI_HANDLE which caused a segmentation fault has
  been addressed.
• NASL get_host_names() API has been added.
• Several code style improvements have been done.
• Several performance improvements have been done.
• The plugin scheduler has been improved.
• Define MAXPATHLEN for specific downstream architectures.
• An issue which caused parameter pollution in certain NASL functions
  has been addressed.
• NASL function resolve_host_name() has been added.
• Unused preference use_mac_addr has been removed.
• Issues in building process have been addressed.
• Defaults to expand_vhosts if no preference was given is set to yes.
• NASL function get_ssl_compression() has been removed.
• Compatibility mode in GnuTLS priority string has been enabled.
• GnuTLS RC4 + COMPAT in set_gnutls_protocol() have been enabled.
• Several issues reported by Coverity have been addressed.
• Documentation has been improved.

This is the third maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Juan Jose Nicola, Timo Pollmeier, Jan-Oliver Wagner
and Michael Wiegand.

Main changes compared to 5.1.2:

• An issue which caused the scanner host process to get stuck searching
  for plugins has been addressed.
• Dependency for openvas-libraries has been raised from 9.0.2 to 9.0.3.
• Checking routines for tcp and udp required ports have been improved.
• Handling of requests from manager during the plugin load up has been
  improved.
• Support to specify a regex-based mandatory key has been added.
• New scanner option "time_between_request" has been added.
• NVT metadata cleanup has been improved.

This is the first beta release of the openvas-scanner module 6.0 for the
Greenbone Vulnerability Management (GVM) framework.

This version inherits all elements of the former openvas-libraries that were
used by OpenVAS Scanner only.

Apart from this, the module covers a number of significant advances
and clean-ups.

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Christian Fischer, Juan Jose Nicola, Bjoern Ricks,
Jan-Oliver Wagner and Michael Wiegand.

Main changes compared to 5.1:

• The required minimum version of new dependency GVM Libraries is 1.0.
• Many files which are only used for openvas-scaner have been moved to this
  module from openvas-libraries. Therefore many include directives have been
  adapted to the new source code. The dependency to module openvas-libraries
  was removed.
• OTP has been changed regarding the NVT category: It is now sent as integer
  instead of as a string.
• Plugin scheduler has been improved.
• NASL cryptography support has been updated.
• The use of winexe has been replaced with using wmiexec.py.
• Support for bigger numbers has been added to nasl_int function.
• The logging method has been completely re-arranged to follow the standard
  logging methodology like all other GVM modules. Apart from unification,
  essentially the scanner log now has timestamps.
  • openvassd.dump does not exist anymore: The log information are now handled
    via central logging with respective log domain.
  • Log location has been moved to /var/log/gvm/.
  • Support for using GLIB based logging has been added and logging messages
    have been reviewed and improved.
  • It is now possible to configure the logging via /etc/openvas/openvassd_log.conf
• openvas-nasl-lint has been improved.
• Handling of vhost has been improved.
• The scanner inter-process communication has been simplified.
• The use of struct arglist has been reduced, among others global struct for scans
  has been changed to struct global_scan. Other uses of arglist we transformed
  into redis-based data handling.
• Handling of non_simultaneous_ports_list has been improved.
• Handling of the plugin preferences and their communication to the client have
  been improved.
• Host/dead and Host/ping_failed are checked before attempting to launch the
  plugin.
• Greenbone NVT sync process has been improved: The scanner detects now on its own
  when the feed was updated and automatically loads new and changed NVTs.
• Location of access key is now configurable.
• The NASL command script_id has been removed.
• The NASL command script_summary has been removed.
• Command line option --gnupg-home has been removed.
• openvas_popen has been replaced with GLib routine.
• Error handling has been improved.
• Documentation has been updated.
• Several memory management aspects have been improved.
• Various code cleanups and improvements, partly derived from static code analysis.
• The CMake building process was improved.
• Compilation issue with gcc 7 due to a switch fallthrough has been addressed.
• Minimum required version of glib has been raised to 2.42.
• Minimum required version of cmake has been raised to 3.0.
• Minimum required version of libssh has been raised to 0.6.0.

This is the ninth maintenance release of the openvas-scanner 5.0 module for
the Open Vulnerability Assessment System release 8 (OpenVAS-8).

Many thanks to everyone who contributed to this release:
Hani Benhabiles, Christian Fischer, Jan-Oliver Wagner and Juan Jose Nicola.

Main changes compared to 5.0.8:

• Redis performance has been improved reducing the number of queries during
  a scan.
• An issue related to the dependency cycle detection has been addressed.

This is the second maintenance release of the openvas-scanner 5.1 module
for the Open Vulnerability Assessment System 9 (OpenVAS-9).

Many thanks to everyone who has contributed to this release:
Hani Benhabiles, Björn Ricks, Michael Wiegand, and Juan José Nicola.

Main changes compared to 5.1.1:

• Plugin scheduling has been improved.
• An issue which caused segmentation faults under certain circumstances when
  openvas-scanner was built with GnuTLS < 3.3.0 has been addressed.
• The use of hostname and IP while logging has been made more consistent.
• An issue which caused NVTs to be executed out of sequence has been addressed.
• An issue which caused the main scanner process to terminate prematurely when
  receiving a SIGHUP signal under certain circumstances has been addressed.
• Increased dependency for openvas-libraries from 9.0.0 to 9.0.2.
• A Redis error is considered fatal and all running scans are stopped. A
  message is sent to the client and the NVTs are reloaded.
• A new progress bar style in which dead host are not taken in account was
  added, which makes more time realistic the progress bar.
• An issue which caused low scan performance has been addressed.
• The preference log_whole_attack is now an scanner-only preference.
• Several memory management issues have been addressed.
• Load-up plugins process is now a forked child process, which prevent main
  process memory footprint growth.
• Plugin preferences are sent directly to the client.
• Full nvticache has been moved from .nvti files to Redis.
• An issue with dependency cycle detection has been addressed.
• An issue which cause complete deletion of nvticache before reloading has
  been addressed.