Tuesday, February 18, 2020

Vulnerability Spotlight: Memory corruption, DoS vulnerabilities in CoTURN


Aleksandar Nikolic of Cisco Talos discovered this vulnerability. Blog by Jon Munshaw.

CoTURN contains denial-of-service and memory corruption vulnerabilities in the way its web server parses POST requests. CoTURN is a TURN server implementation that can be used as a general-
purpose network traffic TURN server and gateway. The software includes a web server for administration purposes, which is where these two vulnerabilities exist.

In accordance with our coordinated disclosure policy, Cisco Talos worked with CoTURN to ensure that these issues are resolved and that an update is available for affected customers. CoTURN notified Talos that these vulnerabilities were also discovered by Quarkslab.

Vulnerability details

CoTURN HTTP Server POST-parsing memory corruption vulnerability (TALOS-2020-0984/CVE-2020-6061)

An exploitable heap overflow vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to information leaks and other misbehavior. An attacker needs to send an HTTPS request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

CoTURN HTTP Server POST-parsing denial-of-service vulnerability (TALOS-2020-0985/CVE-2020-6062)

An exploitable denial-of-service vulnerability exists in the way CoTURN 4.5.1.1 web server parses POST requests. A specially crafted HTTP POST request can lead to server crash and denial of service. An attacker needs to send an HTTP request to trigger this vulnerability.

Read the complete vulnerability advisory here for additional information.

Versions tested

Talos tested and confirmed that this vulnerability affects CoTURN version 4.5.1.1.

Coverage

The following SNORTⓇ rules will detect exploitation attempts. Note that additional rules may be released at a future date and current rules are subject to change pending additional vulnerability information. For the most current rule information, please refer to your Firepower Management Center or Snort.org.

Snort Rules: 53044, 53045

No comments:

Post a Comment