Launchpad.net

Launchpad Home
Code
Bugs
Blueprints
Translations
Answers

CVE 2018-4056

An exploitable SQL injection vulnerability exists in the administrator web portal function of coTURN prior to version 4.5.0.9. A login message with a specially crafted username can cause an SQL injection, resulting in authentication bypass, which could give access to the TURN server administrator web portal. An attacker can log in via the external interface of the TURN server to trigger this vulnerability.

Related bugs and status

CVE-2018-4056 (Candidate) is related to these bugs:

Bug #1813837: Multiple vulnerabilities affecting 4.5.0.7

Summary				In	Importance	Status
	1813837	Multiple vulnerabilities affecting 4.5.0.7		coturn (Ubuntu)	Undecided	Fix Released

See the

CVE page on Mitre.org for more details.

References

MISC: https://talosintellige...
DEBIAN: DSA-4373
MLIST: [debian-lts-announce] ...