Nessus 3.0.5 Available
This point release provides fixes for multiple minor issues with Nessus 3.0.4. The fixes include:
- Faster startup time, especially on laptops
- Improved the performance of the SYN port scanner
- Fixed a memory leak in the Mac OS X client
- Vista compatibility improved
- Various minor bugs fixed in the NASL engine
- Better chasing of zombie processes
Platform specific changes include:
- Windows : Improved Vista compatibility
- Mac OS X : fixed a memory leak in the client
- Mac OS X : fixed the way plugin preferences are processed (some prefs would not be displayed)
- Red Hat/Fedora : The priority of the nessusd startup script is now at 98 instead of 90, so that it starts later in the boot process
- On Debian, the dependencies of the Nessus package have been fixed to reflect the need of libssl0.9.7
Other changes of interest :
- nessusd.conf now accepts the option "listen_address" which can be used to bind the nessusd daemon to a specific port (just like 'nessusd -a' does). Adding 'listen_address 127.0.0.1" in nessusd.conf will force nessusd to only listen on the loopback interface (thanks to Martin Mačok for suggesting this)
- If you write your own plugins you'll notice that the changes you make are not reflected in the scan itself until the next plugin update. To speed up the startup time of nessusd, we now compare the timestamp of the plugins db with the time of the last update. This avoids inspecting thousands of files at startup. To force nessusd to inspect the timestamp of every plugin at startup, simply start it with the '-t' switch (as in 'nessusd -t -D').
Other minor fixes :
- nessus-update-plugins now displays a proper error message when plugins.nessus.org is unreachable
- 'nessus -i report.nbe -o report.html' would sometime crash when converting a malformed .nbe file to another format
- In NASL, shared_socket_acquire() now returns 0 on error, not -1
Nessus users should upgrade to Nessus 3.0.5 and obtain it directly from http://www.nessus.org. Tenable recommends that all Nessus 3 users perform the upgrade.
Related Articles
Study: Tenable Offers Fastest, Broadest Coverage of CISA's KEV Catalog
October 23, 2023Tenable ranked first in multiple vulnerability management categories, including the most comprehensive coverage and quickest detection of CISA's Known Exploited Vulnerabilities, according to a Miercom report commissioned by Tenable.
Tuning Network Assessments for Performance and Resource Usage
September 13, 2022Using the correct tool for the job and optimizing scanner placement will have a large impact on scan efficiency with Nessus, Tenable.io and Tenable.sc.
Terrascan Joins the Nessus Community, Enabling Nessus To Validate Modern Cloud Infrastructures
May 17, 2022The addition of Terrascan to the Nessus family of products helps users better secure cloud native infrastructure by identifying misconfigurations, security weaknesses, and policy violations by scanning Infrastructure as Code repositories.
CVE-2024-7593: Ivanti Virtual Traffic Manager Authentication Bypass Vulnerability
August 14, 2024Ivanti released a patch for a critical severity authentication bypass vulnerability and a warning that exploit code is publicly available
Microsoft’s August 2024 Patch Tuesday Addresses 88 CVEs
August 13, 2024Microsoft addresses 88 CVEs with seven critical vulnerabilities and 10 zero-day vulnerabilities, six of which were exploited in the wild.
Compromising Microsoft's AI Healthcare Chatbot Service
August 13, 2024Tenable Research discovered multiple privilege-escalation issues in the Azure Health Bot Service via a server-side request forgery (SSRF), which allowed researchers access to cross-tenant resources.
- Nessus