Логотип exploitDog
Консоль
Логотип exploitDog

exploitDog

ubuntu логотип

CVE-2018-4058

Опубликовано: 21 мар. 2019
Источник: ubuntu
Приоритет: medium
CVSS2: 4
CVSS3: 7.7

Описание

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

РелизСтатусПримечание
bionic

released

4.5.0.7-1ubuntu2.18.04.1
cosmic

released

4.5.0.7-1ubuntu2.18.10.1
devel

not-affected

4.5.1.1-1.1build1
disco

not-affected

4.5.1.0-1build1
eoan

not-affected

4.5.1.1-1.1build1
esm-apps/bionic

released

4.5.0.7-1ubuntu2.18.04.1
esm-apps/focal

not-affected

4.5.1.1-1.1build1
esm-apps/xenial

released

4.5.0.3-1ubuntu0.2
esm-infra-legacy/trusty

DNE

focal

not-affected

4.5.1.1-1.1build1

Показывать по

Ссылки на источники

4 Medium

CVSS2

7.7 High

CVSS3

Связанные уязвимости

nvd логотип

CVE-2018-4058

CVSS3: 7.7
nvd
почти 7 лет назад

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

debian логотип

CVE-2018-4058

CVSS3: 7.7
debian
почти 7 лет назад

An exploitable unsafe default configuration vulnerability exists in th ...

github логотип

GHSA-j75v-963h-65p5

CVSS3: 7.7
github
больше 3 лет назад

An exploitable unsafe default configuration vulnerability exists in the TURN server functionality of coTURN prior to 4.5.0.9. By default, the TURN server allows relaying external traffic to the loopback interface of its own host. This can provide access to other private services running on that host, which can lead to further attacks. An attacker can set up a relay with a loopback address as the peer on an affected TURN server to trigger this vulnerability.

fstec логотип

BDU:2019-01560

CVSS3: 7.7
fstec
около 7 лет назад

Уязвимость сервера coTURN, связанная с ошибкой конфигурации, позволяющая нарушителю оказать воздействие на целостность данных

4 Medium

CVSS2

7.7 High

CVSS3