Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
debianDebianDEBIAN:DSA-4829-1:AF396
HistoryJan 11, 2021 - 1:57 p.m.

[SECURITY] [DSA 4829-1] coturn security update

2021-01-1113:57:27
lists.debian.org
39
coturn
security update
cve-2020-26262
voip
debian
remote attacker
ipv6

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON

Debian Security Advisory DSA-4829-1 [email protected]
https://www.debian.org/security/ Salvatore Bonaccorso
January 11, 2021 https://www.debian.org/security/faq

Package : coturn
CVE ID : CVE-2020-26262

A flaw was discovered in coturn, a TURN and STUN server for VoIP. By
default coturn does not allow peers on the loopback addresses
(127.x.x.x and ::1). A remote attacker can bypass the protection via a
specially crafted request using a peer address of '0.0.0.0' and trick
coturn in relaying to the loopback interface. If listening on IPv6 the
loopback interface can also be reached by using either [::1] or [::] as
the address.

For the stable distribution (buster), this problem has been fixed in
version 4.5.1.1-1.1+deb10u2.

We recommend that you upgrade your coturn packages.

For the detailed security status of coturn please refer to its security
tracker page at:
https://security-tracker.debian.org/tracker/coturn

Further information about Debian Security Advisories, how to apply
these updates to your system and frequently asked questions can be
found at: https://www.debian.org/security/

Mailing list: [email protected]

OSVersionArchitecturePackageVersionFilename
Debian10mipselcoturn-dbgsym< 4.5.1.1-1.1+deb10u2coturn-dbgsym_4.5.1.1-1.1+deb10u2_mipsel.deb
Debian10amd64coturn< 4.5.1.1-1.1+deb10u2coturn_4.5.1.1-1.1+deb10u2_amd64.deb
Debian9arm64coturn< 4.5.0.5-1+deb9u3coturn_4.5.0.5-1+deb9u3_arm64.deb
Debian10i386coturn-dbgsym< 4.5.1.1-1.1+deb10u2coturn-dbgsym_4.5.1.1-1.1+deb10u2_i386.deb
Debian10amd64coturn-dbgsym< 4.5.1.1-1.1+deb10u2coturn-dbgsym_4.5.1.1-1.1+deb10u2_amd64.deb
Debian10mipscoturn-dbgsym< 4.5.1.1-1.1+deb10u2coturn-dbgsym_4.5.1.1-1.1+deb10u2_mips.deb
Debian10armhfcoturn< 4.5.1.1-1.1+deb10u2coturn_4.5.1.1-1.1+deb10u2_armhf.deb
Debian10s390xcoturn< 4.5.1.1-1.1+deb10u2coturn_4.5.1.1-1.1+deb10u2_s390x.deb
Debian10s390xcoturn-dbgsym< 4.5.1.1-1.1+deb10u2coturn-dbgsym_4.5.1.1-1.1+deb10u2_s390x.deb
Debian10mips64elcoturn< 4.5.1.1-1.1+deb10u2coturn_4.5.1.1-1.1+deb10u2_mips64el.deb
Rows per page:
1-10 of 271

Related

openvas 7
nessus 5
fedora 2
ubuntucve 1
prion 1
cvelist 1
ubuntu 1
cve 1
alpinelinux 1
debian 2
debiancve 1
nvd 1
packetstorm 1
redhatcve 1
veracode 1
osv 6
archlinux 1
mageia 1
zdt 1
openvas
openvas
Debian: Security Advisory (DLA-2522-1)
2021-01-13 00:00:00
coturn < 4.5.2 Loopback Bypass Vulnerability
2021-01-20 00:00:00
Mageia: Security Advisory (MGASA-2021-0087)
2022-01-28 00:00:00
nessus
nessus
Fedora 32 : coturn (2021-32d0068851)
2021-01-20 00:00:00
Fedora 33 : coturn (2021-dee141fc61)
2021-01-20 00:00:00
Debian DSA-4829-1 : coturn - security update
2021-01-12 00:00:00
fedora
fedora
[SECURITY] Fedora 33 Update: coturn-4.5.2-1.fc33
2021-01-20 01:33:03
[SECURITY] Fedora 32 Update: coturn-4.5.2-1.fc32
2021-01-20 01:28:22
ubuntucve
ubuntucve
CVE-2020-26262
2021-01-11 00:00:00
prion
prion
Design/Logic Flaw
2021-01-13 19:15:00
cvelist
cvelist
CVE-2020-26262 Loopback bypass in Coturn
2021-01-13 18:15:17
ubuntu
ubuntu
coTURN vulnerability
2021-01-11 00:00:00
cve
cve
CVE-2020-26262
2021-01-13 19:15:16
alpinelinux
alpinelinux
CVE-2020-26262
2021-01-13 19:15:16
debian
debian
[SECURITY] [DLA 2522-1] coturn security update
2021-01-12 08:47:33
[SECURITY] [DSA 4829-1] coturn security update
2021-01-11 13:57:27
debiancve
debiancve
CVE-2020-26262
2021-01-13 19:15:16
nvd
nvd
CVE-2020-26262
2021-01-13 19:15:16
packetstorm
packetstorm
Coturn 4.5.1.x Access Control Bypass
2021-01-11 00:00:00
redhatcve
redhatcve
CVE-2020-26262
2022-05-20 23:57:46
veracode
veracode
Authorization Bypass
2021-01-11 20:53:49
osv
osv
coturn vulnerability
2021-01-11 21:19:33
coturn - security update
2021-01-12 00:00:00
coturn - security update
2021-01-11 00:00:00
archlinux
archlinux
[ASA-202101-21] coturn: insufficient validation
2021-01-12 00:00:00
mageia
mageia
Updated coturn package fixes a security vulnerability
2021-02-19 13:27:54
zdt
zdt
Coturn 4.5.1.x Access Control Bypass Vulnerability
2021-01-11 00:00:00

CVSS2

6.4

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

NONE

AV:N/AC:L/Au:N/C:P/I:P/A:N

CVSS3

7.2

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

CHANGED

Confidentiality Impact

LOW

Integrity Impact

LOW

Availability Impact

NONE

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:L/I:L/A:N

AI Score

7.1

Confidence

High

EPSS

0.002

Percentile

56.7%

JSON
Related for DEBIAN:DSA-4829-1:AF396
openvas7nessus5fedora2ubuntucve1prion1cvelist1ubuntu1cve1alpinelinux1debian2debiancve1nvd1packetstorm1redhatcve1veracode1osv6archlinux1mageia1zdt1