Full Disclosure mailing list archives

Previous By Date Next
Previous By Thread Next

3proxy 0.5.3i bugfix release

From: Vladimir Dubrovin <3APA3A () SECURITY NNOV RU>
Date: Mon, 23 Apr 2007 13:50:24 +0400


Background:

3proxy  [1]  is  universal multifunctional free open source proxy server
with  multiple  protocols supports (HTTP/HTTPS/Ftp over HTTP, POP3, FTP,
SOCKS 4/4.5/5, UDP and TCP portmapping, DNS proxy) with ACL-based access
control,  proxy  chaining,  traffic  accounting,  bandwidth  limitation,
configurable logging, etc for Windows/Linux/Unix.

Description:

On  April,  14 3proxy development team released urgent 0.5.3h update [2]
for  3proxy,  fixing  stack-based  buffer overflow vulnerability in both
Windows  and  Linux/Unix 3proxy versions 0.5-0.5.3g and 0.6-devel branch
before  date  of  the  fix  (CVE-2007-2031) [3]. Vulnerability was found
during bug report investigation. Binary 3proxy 0.6-devel distribution is
compiled with stack protection.

On  April, 20 reviewed 0.5.3i version [2] of 3proxy was released, fixing
few  security  unrelated  functionality issues with bandwidth limitation
and traffic limitation.

Update information:

All  3proxy  users  are  advised to update to latest 0.5.3i (or at least
0.5.3h) or 0.6-devel version [4].

Please   subscribe  to  three-proxy-announce  mailing  list  [5]  to  be
immediately informed on new 3proxy releases.

Announce:

0.6  version  of  3proxy  introduces  extended  access control / traffic
control  features and plugins/extensions support. Windows authentication
is in beta testing, regular expressions filtering/rewriting plugin is in
alpha  testing,  LDAP  plugin  is  in development, antiviral plugins are
planned for development. We invite port maintainers, developers and beta
testers.

References:

[1] 3proxy official homepage
http://3proxy.ru/
[2] 3proxy 0.5.3i Changelog
http://3proxy.ru/0.5.3i/Changelog.txt
[3] CVE-2007-2031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031
[4] 3proxy download page
http://3proxy.ru/download/
[5] 3proxy announcements mailing list at Sourceforge
https://lists.sourceforge.net/lists/listinfo/three-proxy-announce

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
Previous By Date Next
Previous By Thread Next

Current thread: