BugTraq
3proxy 0.5.3i bugfix release Apr 23 2007 09:50AM
Vladimir Dubrovin (3APA3A SECURITY NNOV RU)


Background:

3proxy [1] is universal multifunctional free open source proxy server
with multiple protocols supports (HTTP/HTTPS/Ftp over HTTP, POP3, FTP,
SOCKS 4/4.5/5, UDP and TCP portmapping, DNS proxy) with ACL-based access
control, proxy chaining, traffic accounting, bandwidth limitation,
configurable logging, etc for Windows/Linux/Unix.

Description:

On April, 14 3proxy development team released urgent 0.5.3h update [2]
for 3proxy, fixing stack-based buffer overflow vulnerability in both
Windows and Linux/Unix 3proxy versions 0.5-0.5.3g and 0.6-devel branch
before date of the fix (CVE-2007-2031) [3]. Vulnerability was found
during bug report investigation. Binary 3proxy 0.6-devel distribution is
compiled with stack protection.

On April, 20 reviewed 0.5.3i version [2] of 3proxy was released, fixing
few security unrelated functionality issues with bandwidth limitation
and traffic limitation.

Update information:

All 3proxy users are advised to update to latest 0.5.3i (or at least
0.5.3h) or 0.6-devel version [4].

Please subscribe to three-proxy-announce mailing list [5] to be
immediately informed on new 3proxy releases.

Announce:

0.6 version of 3proxy introduces extended access control / traffic
control features and plugins/extensions support. Windows authentication
is in beta testing, regular expressions filtering/rewriting plugin is in
alpha testing, LDAP plugin is in development, antiviral plugins are
planned for development. We invite port maintainers, developers and beta
testers.

References:

[1] 3proxy official homepage
http://3proxy.ru/
[2] 3proxy 0.5.3i Changelog
http://3proxy.ru/0.5.3i/Changelog.txt
[3] CVE-2007-2031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031
[4] 3proxy download page
http://3proxy.ru/download/
[5] 3proxy announcements mailing list at Sourceforge
https://lists.sourceforge.net/lists/listinfo/three-proxy-announce

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus