Arbitrary file overwrite via CLI command
Summary
Coturn is a free open source implementation of TURN and STUN Server. Prior to 4.13.0, the psd print sessions dump CLI command in coturn takes a filename argument and directly passes it to fopen with no path validation. An authenticated admin with CLI access can overwrite arbitrary files writable by the coturn process because the command string is used as-is after stripping the psd prefix and leading spaces, allowing truncation and overwrite with session dump data. This issue is fixed in version 4.13.0. An authenticated administrator with command-line interface (CLI) access could exploit a vulnerability in the `psd print sessions dump` command. This flaw allows the administrator to overwrite arbitrary files on the system that are writable by the Coturn process, potentially leading to data corruption or denial of service. This flaw affects the community-maintained coturn TURN/STUN server as shipped in Fedora and EPEL. Red Hat does not ship coturn in any core Red Hat product. Fedora and EPEL currently ship coturn 4.14.0, which already includes the fix released in 4.13.0, so the shipped builds are not vulnerable to this arbitrary file overwrite via the CLI psd command. Red Hat severity: Moderate — CVSS 6 (CVSS:3.1/AV:L/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H). Weakness: CWE-22.
- < 4.13.0
Official advisory · high-confidence parse· fetched 1 hour ago·verify at source
Mitigation checklist
- No action needed — the shipped coturn build (4.14.0) already contains the upstream fix.
Official advisory · high-confidence parse· fetched 1 hour ago·verify at source
Discussion(0)
No comments yet. Share field notes, upgrade gotchas, or questions — verify against the vendor advisory before acting on community advice.
Sign in to join the discussion.