Released 2011-11-02
This release of Open-AudIT was brought forward because of the disclosure of two vulnerabilities.
This release fixes these issues.
The details of each can be found at:
- Errata - 4.2.0 and earlier Javascript vulnerability
- Errata - 4.2.0, 3.5.0 and onwards util function vulnerability
Version | Type | Collection | Description |
---|---|---|---|
Professional | Bug | Integrations | When multiple integrations are configured, multiple identical attributes would appear in the integrations details on the device details page. |
Professional | New Feature | Discoveries | Retrieve and display installed certificates on Linux, both system-wide and Apache-specific. |
Professional | New Feature | Discoveries | Retrieve and display USB connected devices (excluding Bluetooth on Windows). |
Professional | Improvement | Queries | Add Query Details button to Query Execute template. |
Community | Improvement | Discoveries | There was an issue with PHP's SNMPv3 implementation. This is resolved for Linux, where we now use net-snmp for initial credential testing. For Windows we cannot do this, so the caveat is that where SNMPv3 is used, you must not have multiple credential sets (for SNMPv3) with identical security names. |
Professional | Improvement | Licenses | Add a license expiry date to /licenses entries. |
Professional | Improvement | Discoveries | Provide a list of discovery issues with hints on how to resolve them. |
Professional | Bug | Discoveries | Fix Active Directory discovery type option. AD discoveries now work again. |
Professional | Bug | Integrations | Fix integrations fields for bool_one_zero and bool_y_n always staying 'false'. |
Professional | Improvement | Devices | Provide an indicator on the Devices List screen showing the level of audit performed. |
Community | Bug | Util | Filter out all characters except those in the allowed list when determining the number of IPs in a range or subnet for util::subnet_size. See Errata - 4.2.0, 3.5.0 and onwards util function vulnerability. |
Community | Bug | All | Fix link creation to exclude user input. See Errata - 4.2.0 and earlier Javascript vulnerability. |
Community | Improvement | All | For spawning processes, no longer use the execute script with a URL; call PHP directly instead. It is no longer a requirement for HTTP to be available from localhost. |
Community | Improvement | Util | Allow downloading test_windows_client.vbs using the web interface at util/test_windows_client. Improvements to test_windows_client.vbs: |
Community | Improvement | Discoveries | Fix audit_linux.sh to allow running on BusyBox. |
Enterprise | Improvement | Clouds | Delete the associated discovery when we delete the cloud. |
Community | Improvement | Discoveries | Update the MAC -> Manufacturer helper with more manufacturers. |
Community | Improvement | Discoveries | Add Fortinet Fortigate models to SNMP Model Helper. |
Community | Improvement | Discoveries | Detect Quest InTrust Agent in audit_linux.sh. |