Nessus 5.0.1 vulnerability scanner released

Tenable release of Nessus 5.0.1, a vulnerability and configuration assessment solution for enterprises and security professionals. This release improves the stability on all platforms, and solves Windows-specific issues related to installation and packet forgery.

From a user perspective, the only change is that it is now possible to specify a separate list of UDP and TCP ports to scan on all targets. This is set in the “Port scanner range” field when you create a new policy or modify an existing one (e.g. if you wanted to scan TCP ports 1-1024 and UDP ports 1-200 the syntax is: “T:1-1024,U:1-200”).

Enhancements and bug fixes:

• Resolved an issue whereas packet forgery was not working on some Windows setups
• Improved the Windows installer which would fail on some setups
• Fixed several thread synchronization issues leading to a crash in certain situations
• Imported v1 reports are more legible
• Nessus can now read a 64-bit database on a 32-bit system and vice-versa
• Identified and resolved a minor memory leak issue occurring on all platforms
• Scanning with a SSL certificate defined in the policy would sometimes cause a scanner crash
• Workaround for CVE-2011-3389
• Worked around a possible incompatibility with the Fedora 16 / Debian 6 memory allocator
• Restored the ability to log in via certificate authentication on port 1241 when “force_pubkey_auth = no”
• This version of Nessus now includes OpenSSL version 1.0.0h.