Search 219043 CVE descriptions
and 99761 test descriptions,
access 10,000+ cross references.
Tests   CVE   All  

Test ID:
Category:Fedora Local Security Checks
Title:Fedora: Security Advisory for coturn (FEDORA-2021-dee141fc61)
Summary:The remote host is missing an update for the 'coturn'; package(s) announced via the FEDORA-2021-dee141fc61 advisory.
The remote host is missing an update for the 'coturn'
package(s) announced via the FEDORA-2021-dee141fc61 advisory.

Vulnerability Insight:
The Coturn TURN Server is a VoIP media traffic NAT traversal server and gateway.
It can be used as a general-purpose network traffic TURN server/gateway, too.

This implementation also includes some extra features. Supported RFCs:

TURN specs:

- RFC 5766 - base TURN specs

- RFC 6062 - TCP relaying TURN extension

- RFC 6156 - IPv6 extension for TURN

- Experimental DTLS support as client protocol.

STUN specs:

- RFC 3489 - 'classic' STUN

- RFC 5389 - base 'new' STUN specs

- RFC 5769 - test vectors for STUN protocol testing

- RFC 5780 - NAT behavior discovery support

The implementation fully supports the following client-to-TURN-server protocols:

- UDP (per RFC 5766)

- TCP (per RFC 5766 and RFC 6062)

- TLS (per RFC 5766 and RFC 6062), TLS1.0/TLS1.1/TLS1.2

- DTLS (experimental non-standard feature)

Supported relay protocols:

- UDP (per RFC 5766)

- TCP (per RFC 6062)

Supported user databases (for user repository, with passwords or keys, if
authentication is required):

- SQLite


- PostgreSQL

- Redis

Redis can also be used for status and statistics storage and notification.

Supported TURN authentication mechanisms:

- long-term

- TURN REST API (a modification of the long-term mechanism, for time-limited
secret-based authentication, for WebRTC applications)

The load balancing can be implemented with the following tools (either one or a
combination of them):

- network load-balancer server

- DNS-based load balancing

- built-in ALTERNATE-SERVER mechanism.

Affected Software/OS:
'coturn' package(s) on Fedora 33.

Please install the updated package(s).

CVSS Score:

CVSS Vector:

Cross-Ref: Common Vulnerability Exposure (CVE) ID: CVE-2020-26262
CopyrightCopyright (C) 2021 Greenbone Networks GmbH

This is only one of 99761 vulnerability tests in our test suite. Find out more about running a complete security audit.

To run a free test of this vulnerability against your system, register below.

© 1998-2021 E-Soft Inc. All rights reserved.