lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20081217144029.GG28795@intevation.de>
Date: Wed, 17 Dec 2008 15:40:29 +0100
From: Michael Wiegand <michael.wiegand@...evation.de>
To: Full-Disclosure <full-disclosure@...ts.grok.org.uk>,
	Bugtraq <bugtraq@...urityfocus.com>, Pen-Test <pen-test@...urityfocus.com>
Subject: Network Security Scanner OpenVAS 2.0.0 Released

Hello,

On December 17th, 2008, the OpenVAS[1] developer team released OpenVAS 2.0.0
which marks the start of the next generation of the Open Vulnerability
Assessment System for network security scanning.

OpenVAS is a fork of the Nessus security scanner which has continued development
under a proprietary license since late 2005. Since the release of OpenVAS 1.0.0
in October 2007, the OpenVAS developers continued the auditing of the code
inherited from Nessus and have added a variety of useful features for OpenVAS
users, for server adminstrators and for developers of Network Vulnerability
Tests (NVTs).

The main changes compared to the 1.0 series cover:

* OVAL Support:
  OpenVAS 2.0.0 introduces preliminary support for OVAL, the Open Vulnerability
  and Assessment Language[2]. OVAL is an international, information security,
  community standard to promote open, standardized and publicly available
  security content.  The OpenVAS server can now execute OVAL files just like its
  own Network Vulnerability Tests (NVTs) using the OVAL definitions interpreter
  "ovaldi".  While the plain ovaldi tool can only check local systems where it
  is installed, the combination with OpenVAS enables ovaldi to test any target
  system for which OpenVAS has collected information. OpenVAS 2.0.0 includes
  readily available support for Red Hat Enterprise Linux security announcements
  as published in OVAL format. OVAL support will expand to further platforms.

* OpenVAS Transfer Protocol (OTP):
  A comprehensive audit of the Nessus Transfer Protocol (NTP) resulted in
  numerous improvements and fixes and lead to the OpenVAS Transfer Protocol
  (OTP).  Since NTP support was dropped entirely, the 1.0 and 2.0 series of
  OpenVAS Server and Client can not operate in mixed mode.

* Object Identifiers (OIDs):
  In order to make identifying individual NVTs easier, OpenVAS adopted an
  OID-based numbering scheme for NVTs. OIDs in OpenVAS will start with the
  prefix 1.3.6.1.4.1.25623, backward compatibility in server and client has been
  ensured.

* 64-bit Support:
  Intensive work on 64-bit cleanliness has been undertaken. OpenVAS 2.0.0
  is expected be fully 64-bit compatible.

* Improved GUI Client:
  The OpenVAS-Client has seen a number of improvements and is now able to
  display NVT signature information in the GUI and in the various reports.
  Reporting has been improved as well as localization for various languages
  (best support in this order: German, Spanish/French, Swedish, Hebrew,
  Croatian).

* Bugfixes:
  Any spotted bugs have been fixed. Please refer to
  the CHANGES files supplied with the individual modules for details.

* Code Audit:
  A large amount of outdated or unused code has been idenfied and removed or
  replaced.

Compatibility of NASL NVTs and the OpenVAS Feed Service:
The available NVT package (openvas-plugins) and OpenVAS Feed which provides more
than 6000 NVTs are compatible for both the 1.0 and the 2.0 series of OpenVAS.

Migration from OpenVAS 1.0:
If you want to migrate your existing reports created with an 1.0 series client
to OpenVAS 2.0.0, please use the script provided in the openvas-client/tools
directory.
If you are currently using OpenVAS 1.0.x, we recommend that you install the
OpenVAS 2.0.0 source code relase seperately from your existing installation.

Documentation:
An extensive documentation for OpenVAS has been created as well and was recently
released. Users, adminstrators and developers can now access more than 100 pages
of the OpenVAS Compendium, available in English and German.

Downloads:
All download links for OpenVAS 2.0.0 and additional information can be found on
the OpenVAS website[1]. OpenVAS 2.0.0 is initially relased as a source code
release; packages for various distributions are expected to follow.

The OpenVAS team would like to thank everybody who has contributed to this
release. We have worked hard to bring you the best OpenVAS version. If you have
any questions or suggestions, please feel free to use the public mailing list
and our online chat. Please use the OpenVAS bug tracker[3] to report bugs.

The OpenVAS developers would like to wish all users a recreative holiday season
and a a happy new year.

[1] http://www.openvas.org
[2] http://oval.mitre.org
[3] http://bugs.openvas.org

-- 
Michael Wiegand |  OpenPGP key: D7D049EC  |  http://www.intevation.de/
Intevation GmbH, Neuer Graben 17, 49074 Osnabrück | AG Osnabrück, HR B 18998
Geschäftsführer: Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ