lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <1987070183.20070423135024@SECURITY.NNOV.RU>
Date: Mon, 23 Apr 2007 13:50:24 +0400
From: Vladimir Dubrovin <3APA3A@...URITY.NNOV.RU>
To: full-disclosure@...ts.grok.org.uk, bugtraq@...urityfocus.com
Subject: 3proxy 0.5.3i bugfix release



Background:

3proxy  [1]  is  universal multifunctional free open source proxy server
with  multiple  protocols supports (HTTP/HTTPS/Ftp over HTTP, POP3, FTP,
SOCKS 4/4.5/5, UDP and TCP portmapping, DNS proxy) with ACL-based access
control,  proxy  chaining,  traffic  accounting,  bandwidth  limitation,
configurable logging, etc for Windows/Linux/Unix.

Description:

On  April,  14 3proxy development team released urgent 0.5.3h update [2]
for  3proxy,  fixing  stack-based  buffer overflow vulnerability in both
Windows  and  Linux/Unix 3proxy versions 0.5-0.5.3g and 0.6-devel branch
before  date  of  the  fix  (CVE-2007-2031) [3]. Vulnerability was found
during bug report investigation. Binary 3proxy 0.6-devel distribution is
compiled with stack protection.

On  April, 20 reviewed 0.5.3i version [2] of 3proxy was released, fixing
few  security  unrelated  functionality issues with bandwidth limitation
and traffic limitation.

Update information:

All  3proxy  users  are  advised to update to latest 0.5.3i (or at least
0.5.3h) or 0.6-devel version [4].

Please   subscribe  to  three-proxy-announce  mailing  list  [5]  to  be
immediately informed on new 3proxy releases.

Announce:

0.6  version  of  3proxy  introduces  extended  access control / traffic
control  features and plugins/extensions support. Windows authentication
is in beta testing, regular expressions filtering/rewriting plugin is in
alpha  testing,  LDAP  plugin  is  in development, antiviral plugins are
planned for development. We invite port maintainers, developers and beta
testers.

References:

[1] 3proxy official homepage
http://3proxy.ru/
[2] 3proxy 0.5.3i Changelog
http://3proxy.ru/0.5.3i/Changelog.txt
[3] CVE-2007-2031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031
[4] 3proxy download page
http://3proxy.ru/download/
[5] 3proxy announcements mailing list at Sourceforge
https://lists.sourceforge.net/lists/listinfo/three-proxy-announce

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ