Hello, The OpenVAS developers have just released a number of important security releases for the Open Vulnerability Assessment System release series 5 and 6 (OpenVAS-5 and OpenVAS-6).
The releases are: - OpenVAS Manager 4.0.4 - OpenVAS Manager 3.0.7 - OpenVAS Administrator 1.3.2 - OpenVAS Administrator 1.2.2 We highly recommend to update your OpenVAS installation to the versions listed above immediately. For OpenVAS Manager, this is a security release addressing a serious security bug and it is highly recommended to update any installation of OpenVAS Manager 3.0 and 4.0 with the corresponding release. A software bug in OpenVAS Manager allowed an attacker to bypass the OMP authentication procedure. The attack vector was remotely available in case OpenVAS Manager was listening on a public network interface. In case of successful attack, the attacker gained partial rights to execute OMP commands. The bypass authentication was, however, incomplete and several OMP commands failed to execute properly. For OpenVAS Administrator, this is a security release addressing a very serious security bug and it is highly recommended to update any installation of OpenVAS Administrator 1.2 and 1.3 with the corresponding release. A software bug in OpenVAS Administrator allowed an attacker to bypass the OAP authentication procedure. The attack vector was remotely available in case OpenVAS Administrator was listening on a public network interface. In case of successful attack, the attacker was able to create and modify users and could use the gained privileges to take control over an OpenVAS installation if the Scanner and/or Manager instances controlled by this Administrator instance were also listening on public network interfaces. The source tarballs for the releases along with checksums and signatures are available for download from the OpenVAS website at http://www.openvas.org/. Regards, Michael Wiegand -- Michael Wiegand | Greenbone Networks GmbH | http://www.greenbone.net/ Neuer Graben 17, 49074 Osnabrück, Germany | AG Osnabrück, HR B 202460 Executive Directors: Lukas Grunwald, Dr. Jan-Oliver Wagner _______________________________________________ Openvas-announce mailing list Openvas-announce@wald.intevation.org https://lists.wald.intevation.org/cgi-bin/mailman/listinfo/openvas-announce
