Message-ID: <1987070183.20070423135024@SECURITY.NNOV.RU>
Date: Mon, 23 Apr 2007 13:50:24 +0400
From: Vladimir Dubrovin <3APA3A@...URITY.NNOV.RU>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: 3proxy 0.5.3i bugfix release

Background:
3proxy [1] is a universal, multifunctional, free open source proxy server
with support for multiple protocols (HTTP/HTTPS/FTP over HTTP, POP3, FTP,
SOCKS 4/4.5/5, UDP and TCP portmapping, DNS proxy), with ACL-based access
control, proxy chaining, traffic accounting, bandwidth limitation,
configurable logging, etc. for Windows/Linux/Unix.

Description:
On April 14, the 3proxy development team released an urgent 0.5.3h update [2]
for 3proxy, fixing a stack-based buffer overflow vulnerability in both
Windows and Linux/Unix 3proxy versions 0.5-0.5.3g and the 0.6-devel branch
before the date of the fix (CVE-2007-2031) [3]. The vulnerability was found
during a bug report investigation. The binary 3proxy 0.6-devel distribution is
compiled with stack protection.

On April 20, the reviewed 0.5.3i version [2] of 3proxy was released, fixing
a few security-unrelated functionality issues with bandwidth limitation
and traffic limitation.

Update information:
All 3proxy users are advised to update to the latest 0.5.3i (or at least
0.5.3h) or 0.6-devel version [4].

Please subscribe to the three-proxy-announce mailing list [5] to be
immediately informed of new 3proxy releases.

Announce:
Version 0.6 of 3proxy introduces extended access control / traffic
control features and plugin/extension support. Windows authentication
is in beta testing, a regular expression filtering/rewriting plugin is in
alpha testing, an LDAP plugin is in development, and antiviral plugins are
planned for development. We invite port maintainers, developers and beta
testers.

References:
[1] 3proxy official homepage
http://3proxy.ru/
[2] 3proxy 0.5.3i Changelog
http://3proxy.ru/0.5.3i/Changelog.txt
[3] CVE-2007-2031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031
[4] 3proxy download page
http://3proxy.ru/download/
[5] 3proxy announcements mailing list at Sourceforge
https://lists.sourceforge.net/lists/listinfo/three-proxy-announce