CVE-2020-4067: Improper Initialization in coturn
First published: Mon Jun 29 2020(Updated: )
In coturn before version 4.5.1.3, there is an issue whereby STUN/TURN response buffer is not initialized properly. There is a leak of information between different client connections. One client (an attacker) could use their connection to intelligently query coturn to get interesting bytes in the padding bytes from the connection of another client. This has been fixed in 4.5.1.3.
Credit: security-advisories@github.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| ubuntu/coturn | <4.5.0.7-1ubuntu2.18.04.2 | 4.5.0.7-1ubuntu2.18.04.2 |
| ubuntu/coturn | <4.5.1.1-1.1ubuntu0.19.10.1 | 4.5.1.1-1.1ubuntu0.19.10.1 |
| ubuntu/coturn | <4.5.1.1-1.1ubuntu0.20.04.1 | 4.5.1.1-1.1ubuntu0.20.04.1 |
| ubuntu/coturn | <4.5.1.3-1 | 4.5.1.3-1 |
| ubuntu/coturn | <4.5.0.3-1ubuntu0.3 | 4.5.0.3-1ubuntu0.3 |
| debian/coturn | 4.5.2-3 4.6.1-1 4.6.1-2 | |
| coturn | <4.5.1.3 | |
| Debian Linux | =8.0 | |
| Debian Linux | =9.0 | |
| Debian Linux | =10.0 | |
| Red Hat Fedora | =31 | |
| Red Hat Fedora | =32 | |
| Ubuntu | =16.04 | |
| Ubuntu | =18.04 | |
| Ubuntu | =19.10 | |
| Ubuntu | =20.04 | |
| SUSE Linux | =15.2 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
- http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html
- https://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15
- https://github.com/coturn/coturn/issues/583
- https://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
- https://lists.debian.org/debian-lts-announce/2020/07/msg00002.html
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/
- https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/
- https://usn.ubuntu.com/4415-1/
- https://www.debian.org/security/2020/dsa-4711
- https://launchpad.net/bugs/cve/CVE-2020-4067
- https://github.com/coturn/coturn/commit/170da1140797748ae85565b5a93a2e35e7b07b6a
- https://security-tracker.debian.org/tracker/CVE-2020-4067
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/
- https://lists.fedoraproject.org/archives/list/package-announce%40lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/
- https://ubuntu.com/security/notices/USN-4415-1
- https://www.cve.org/CVERecord?id=CVE-2020-4067
- https://nvd.nist.gov/vuln/detail/CVE-2020-4067
- https://ubuntu.com/security/CVE-2020-4067
Frequently Asked Questions
What is the severity of CVE-2020-4067?
CVE-2020-4067 has been classified as a medium severity vulnerability due to the potential for information leakage between client connections.
How do I fix CVE-2020-4067?
To fix CVE-2020-4067, upgrade to coturn version 4.5.1.3 or later.
What kind of systems are affected by CVE-2020-4067?
CVE-2020-4067 affects coturn versions prior to 4.5.1.3 on Ubuntu, Debian, and Fedora systems.
What is the nature of the vulnerability described in CVE-2020-4067?
CVE-2020-4067 is a vulnerability that involves the improper initialization of STUN/TURN response buffers, leading to potential information leaks.
Can an attacker exploit CVE-2020-4067 remotely?
Yes, an attacker can exploit CVE-2020-4067 remotely by querying the coturn server to access sensitive information from other client connections.
- agent/type
- collector/launchpad-cve
- source/Launchpad
- agent/weakness
- agent/description
- agent/first-publish-date
- collector/mitre-cve
- source/MITRE
- agent/title
- agent/severity
- agent/last-modified-date
- collector/usn-cve
- source/Ubuntu
- agent/software-canonical-lookup
- agent/references
- collector/security-tracker-debian
- source/Debian
- agent/event
- agent/trending
- agent/source
- agent/author
- collector/nvd-cve
- source/NVD
- agent/software-canonical-lookup-request
- agent/softwarecombine
- agent/tags
- collector/nvd-index
- package-manager/ubuntu
- package-manager/debian
- vendor/coturn project
- canonical/coturn
- vendor/debian
- canonical/debian linux
- version/debian linux/8.0
- version/debian linux/9.0
- version/debian linux/10.0
- vendor/fedoraproject
- canonical/red hat fedora
- version/red hat fedora/31
- version/red hat fedora/32
- vendor/canonical
- canonical/ubuntu
- version/ubuntu/16.04
- version/ubuntu/18.04
- version/ubuntu/19.10
- version/ubuntu/20.04
- vendor/opensuse
- canonical/suse linux
- version/suse linux/15.2