Vulnerability   
Search   
    Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:1.3.6.1.4.1.25623.1.0.877648
Category:Fedora Local Security Checks
Title:Fedora: Security Advisory for coturn (FEDORA-2020-f3fcb1608a)
Summary:The remote host is missing an update for the 'coturn'; package(s) announced via the FEDORA-2020-f3fcb1608a advisory.
Description:Summary:
The remote host is missing an update for the 'coturn'
package(s) announced via the FEDORA-2020-f3fcb1608a advisory.

Vulnerability Insight:
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway.
It can be used as a general-purpose network traffic TURN server/gateway, too.

This implementation also includes some extra features. Supported RFCs:

TURN specs:

- RFC 5766 - base TURN specs

- RFC 6062 - TCP relaying TURN extension

- RFC 6156 - IPv6 extension for TURN

- Experimental DTLS support as client protocol.

STUN specs:

- RFC 3489 - 'classic' STUN

- RFC 5389 - base 'new' STUN specs

- RFC 5769 - test vectors for STUN protocol testing

- RFC 5780 - NAT behavior discovery support

The implementation fully supports the following client-to-TURN-server protocols:

- UDP (per RFC 5766)

- TCP (per RFC 5766 and RFC 6062)

- TLS (per RFC 5766 and RFC 6062), TLS1.0/TLS1.1/TLS1.2

- DTLS (experimental non-standard feature)

Supported relay protocols:

- UDP (per RFC 5766)

- TCP (per RFC 6062)

Supported user databases (for user repository, with passwords or keys, if
authentication is required):

- SQLite

- MySQL

- PostgreSQL

- Redis

Redis can also be used for status and statistics storage and notification.

Supported TURN authentication mechanisms:

- long-term

- TURN REST API (a modification of the long-term mechanism, for time-limited
secret-based authentication, for WebRTC applications)

The load balancing can be implemented with the following tools (either one or a
combination of them):

- network load-balancer server

- DNS-based load balancing

- built-in ALTERNATE-SERVER mechanism.

Affected Software/OS:
'coturn' package(s) on Fedora 30.

Solution:
Please install the updated package(s).

CVSS Score:
7.5

CVSS Vector:
AV:N/AC:L/Au:N/C:P/I:P/A:P

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-6061
Debian Security Information: DSA-4711 (Google Search)
https://www.debian.org/security/2020/dsa-4711
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/XN2NK6FT7AMW5UIZNXDNHKEAYWAUMGSF/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/OUVZRXW5ZIGWVKOLF3NPXRPP74YX7BUY/
https://lists.fedoraproject.org/archives/list/package-announce@lists.fedoraproject.org/message/HQZZPI34LAS3SFNW6Z2ZJ46RKVGEODNA/
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0984
https://usn.ubuntu.com/4415-1/
Common Vulnerability Exposure (CVE) ID: CVE-2020-6062
https://talosintelligence.com/vulnerability_reports/TALOS-2020-0985
CopyrightCopyright (C) 2020 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.




© 1998-2021 E-Soft Inc. All rights reserved.