Improper Initialization in coTURN



Published: 2020-06-29 | Updated: 2020-07-17
Risk: Medium
Patch available: YES
Number of vulnerabilities: 1
CVE-ID: CVE-2020-4067
CWE-ID: CWE-665
Exploitation vector: Network
Public exploit: N/A
Vulnerable software
coTURN
Server applications / Other server solutions

Vendor coTURN

Security Bulletin

This security bulletin contains one medium risk vulnerability.

1) Improper Initialization

EUVDB-ID: #VU30159

Risk: Medium

CVSSv3.1: 6.5 [CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N/E:U/RL:O/RC:C]

CVE-ID: CVE-2020-4067

CWE-ID: CWE-665 - Improper Initialization

Exploit availability: No

Description

The vulnerability allows a remote non-authenticated attacker to gain access to sensitive information.

In coturn before version 4.5.1.3, the STUN/TURN response buffer is not initialized properly, so information leaks between different client connections. One client (an attacker) could use their connection to intelligently query coturn and get interesting bytes from another client's connection in the padding bytes. This has been fixed in 4.5.1.3.
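The flaw class described above, shown as an added example (not coturn's code and not part of this bulletin): a STUN attribute value is padded to a 4-byte boundary, and if the reused response buffer is not cleared, the padding keeps a previous client's bytes. The function names, the 64-byte buffer and the 0x41 fill are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define BUF_SIZE 64

/* Append one STUN attribute (type, length, value) at offset `off`.
 * STUN pads each value to a 4-byte boundary. With zero_pad == 0 the
 * padding bytes keep whatever the buffer held before (the flaw class
 * described above); with zero_pad == 1 they are cleared (hardened).
 * Returns the new offset, or 0 if the attribute does not fit. */
static size_t stun_attr_add(uint8_t *buf, size_t off, uint16_t type,
                            const uint8_t *val, uint16_t len, int zero_pad)
{
    size_t padded = ((size_t)len + 3u) & ~(size_t)3u;
    if (off > BUF_SIZE || 4 + padded > BUF_SIZE - off)
        return 0;
    buf[off]     = (uint8_t)(type >> 8);
    buf[off + 1] = (uint8_t)(type & 0xff);
    buf[off + 2] = (uint8_t)(len >> 8);
    buf[off + 3] = (uint8_t)(len & 0xff);
    memcpy(buf + off + 4, val, len);
    if (zero_pad)
        memset(buf + off + 4 + len, 0, padded - len);
    return off + 4 + padded;
}

/* Build a response in a buffer that still holds a previous client's
 * data (constructed sample) and count the non-zero padding bytes. */
static int stale_padding_bytes(int zero_pad)
{
    uint8_t buf[BUF_SIZE];
    const uint8_t value[5] = { 'a', 'l', 'i', 'c', 'e' }; /* 5 bytes, 3 pad */
    memset(buf, 0x41, sizeof buf);  /* constructed leftover from client A */
    size_t end = stun_attr_add(buf, 0, 0x0006, value, sizeof value, zero_pad);
    int stale = 0;
    for (size_t i = 4 + sizeof value; i < end; i++)
        stale += (buf[i] != 0);
    return stale;
}

int main(void)
{
    printf("unhardened: %d stale padding bytes\n", stale_padding_bytes(0));
    printf("hardened:   %d stale padding bytes\n", stale_padding_bytes(1));
    return 0;
}
```

Clearing the whole buffer when it is allocated or reused gives the same result without relying on every attribute writer to zero its own padding.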

Mitigation

Install update from vendor's website.

Vulnerable software versions

coTURN: 4.5.1.0 - 4.5.1.2

External links

http://lists.opensuse.org/opensuse-security-announce/2020-07/msg00010.html
http://github.com/coturn/coturn/blob/aab60340b201d55c007bcdc853230f47aa2dfdf1/ChangeLog#L15
http://github.com/coturn/coturn/issues/583
http://github.com/coturn/coturn/security/advisories/GHSA-c8r8-8vp5-6gcm
http://lists.debian.org/debian-lts-announce/2020/07/msg00002.html
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/5G35UBNSRLL6SYRTODYTMBJ65TLQILUM/
http://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/TNJJO77ZLGGFJWNUGP6VDG5HPAC5UDBK/
http://usn.ubuntu.com/4415-1/
http://www.debian.org/security/2020/dsa-4711


Q & A

Can this vulnerability be exploited remotely?

Yes. This vulnerability can be exploited by a remote non-authenticated attacker via the Internet.

Is there known malware that exploits this vulnerability?

No. We are not aware of malware exploiting this vulnerability.


