Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security FullDisclosure
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[Full-disclosure] 3proxy 0.5.3i bugfix release

from [Vladimir Dubrovin] Network Security [Permanent Link]
Subject: [Full-disclosure] 3proxy 0.5.3i bugfix release
Date: Mon, 23 Apr 2007 13:50:24 +0400 


Background:

3proxy  [1]  is  universal multifunctional free open source proxy server
with  multiple  protocols supports (HTTP/HTTPS/Ftp over HTTP, POP3, FTP,
SOCKS 4/4.5/5, UDP and TCP portmapping, DNS proxy) with ACL-based access
control,  proxy  chaining,  traffic  accounting,  bandwidth  limitation,
configurable logging, etc for Windows/Linux/Unix.

Description:

On  April,  14 3proxy development team released urgent 0.5.3h update [2]
for  3proxy,  fixing  stack-based  buffer overflow vulnerability in both
Windows  and  Linux/Unix 3proxy versions 0.5-0.5.3g and 0.6-devel branch
before  date  of  the  fix  (CVE-2007-2031) [3]. Vulnerability was found
during bug report investigation. Binary 3proxy 0.6-devel distribution is
compiled with stack protection.

On  April, 20 reviewed 0.5.3i version [2] of 3proxy was released, fixing
few  security  unrelated  functionality issues with bandwidth limitation
and traffic limitation.

Update information:

All  3proxy  users  are  advised to update to latest 0.5.3i (or at least
0.5.3h) or 0.6-devel version [4].

Please   subscribe  to  three-proxy-announce  mailing  list  [5]  to  be
immediately informed on new 3proxy releases.

Announce:

0.6  version  of  3proxy  introduces  extended  access control / traffic
control  features and plugins/extensions support. Windows authentication
is in beta testing, regular expressions filtering/rewriting plugin is in
alpha  testing,  LDAP  plugin  is  in development, antiviral plugins are
planned for development. We invite port maintainers, developers and beta
testers.

References:

[1] 3proxy official homepage
http://3proxy.ru/
[2] 3proxy 0.5.3i Changelog
http://3proxy.ru/0.5.3i/Changelog.txt
[3] CVE-2007-2031
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2007-2031
[4] 3proxy download page
http://3proxy.ru/download/
[5] 3proxy announcements mailing list at Sourceforge
https://lists.sourceforge.net/lists/listinfo/three-proxy-announce

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [Full-disclosure] 3proxy 0.5.3i bugfix release, Vladimir Dubrovin <=
Previous by Date:  Re: [Full-disclosure] Apparently eEye's blog got p0wnd, Valdis . Kletnieks
Next by Date:  Re: [Full-disclosure] [Amsn-devel] aMSN <= 0.96 remote DoS vulnerability, Levent Kayan
Previous by Thread:  [Full-disclosure] [ GLSA 200704-18 ] Courier-IMAP: Remote execution of arbitrary code, Raphael Marichez
Next by Thread:  [Full-disclosure] [ MDKSA-2007:092 ] - Updated freeradius packages fix vulnerability, security
Indexes:  [Date] [Thread] [Top] [All Lists]