Mac OS X Multiple Vulnerabilities (Security Update 2014-005) (POODLE) (Shellshock)

This script is Copyright (C) 2014-2017 Tenable Network Security, Inc.

Synopsis :

The remote host is missing a Mac OS X update that fixes multiple
security issues.

Description :

The remote host is running a version of Mac OS X 10.8 or 10.9 that
does not have Security Update 2014-005 applied. This update contains
several security-related fixes for the following issues :

- A command injection vulnerability in GNU Bash known as
Shellshock. The vulnerability is due to the processing
of trailing strings after function definitions in the
values of environment variables. This allows a remote
attacker to execute arbitrary code via environment
variable manipulation depending on the configuration of
the system. (CVE-2014-6271, CVE-2014-7169)

- A man-in-the-middle (MitM) information disclosure
vulnerability known as POODLE. The vulnerability is due
to the way SSL 3.0 handles padding bytes when decrypting
messages encrypted using block ciphers in cipher block
chaining (CBC) mode. A MitM attacker can decrypt a
selected byte of a ciphertext in as few as 256 tries if
they are able to force a victim application to
repeatedly send the same data over newly created SSL 3.0
connections. (CVE-2014-3566)
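
The padding rule behind the POODLE item above, as an added example (not part of the Nessus plugin or of Apple's update): it models the receiver's checks after CBC decryption and lists which final bytes of a tampered all-padding block are accepted under the SSL 3.0 rule versus the TLS rule. HMAC-SHA1 as the record MAC, the 16-byte block size, the key and the sample data are assumptions constructed for the demonstration.

```python
import hashlib
import hmac
import os

BLOCK = 16     # CBC block size (assumed: a 16-byte block cipher such as AES)
MAC_LEN = 20   # HMAC-SHA1 stands in for the SSL 3.0 record MAC (assumption)
KEY = b"constructed-demo-mac-key"  # constructed sample key


def build_record(data: bytes) -> bytes:
    """Plaintext before CBC encryption: data || MAC || padding || pad_len."""
    body = data + hmac.new(KEY, data, hashlib.sha1).digest()
    pad_len = BLOCK - 1 - (len(body) % BLOCK)
    # SSL 3.0 senders may use arbitrary padding bytes; using pad_len for all
    # of them keeps the same record valid under the TLS rule as well.
    return body + bytes([pad_len]) * (pad_len + 1)


def receiver_accepts(record: bytes, strict: bool) -> bool:
    """Checks after decryption. strict=False: SSL 3.0 rule, strict=True: TLS."""
    pad_len = record[-1]
    if pad_len + 1 + MAC_LEN > len(record):
        return False
    if not strict and pad_len >= BLOCK:
        return False  # SSL 3.0 only bounds the length byte, nothing else
    if strict and record[-(pad_len + 1):] != bytes([pad_len]) * (pad_len + 1):
        return False  # TLS: every padding byte must equal pad_len
    body = record[:-(pad_len + 1)]
    data, mac = body[:-MAC_LEN], body[-MAC_LEN:]
    return hmac.compare_digest(mac, hmac.new(KEY, data, hashlib.sha1).digest())


def accepted_final_bytes(strict: bool) -> list:
    """Swap the all-padding final block for random bytes ending in b."""
    # 12 data bytes + 20 MAC bytes = 32, so the last block is pure padding.
    record = build_record(b"twelve bytes")
    accepted = []
    for b in range(256):
        tampered = record[:-BLOCK] + os.urandom(BLOCK - 1) + bytes([b])
        if receiver_accepts(tampered, strict):
            accepted.append(b)
    return accepted


if __name__ == "__main__":
    print("SSL 3.0 rule accepts final bytes:", accepted_final_bytes(False))
    print("TLS rule accepts final bytes:    ", accepted_final_bytes(True))
```

Exactly one of the 256 possible final bytes passes under the SSL 3.0 rule, which matches the "as few as 256 tries" figure above; the TLS rule rejects all of them.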

Note that successful exploitation of the most serious issues can
result in arbitrary code execution.

Solution :

Install Security Update 2014-005 or later.

Risk factor :

Critical / CVSS Base Score : 10.0
CVSS Temporal Score : 8.3
Public Exploit Available : true

Family: MacOS X Local Security Checks

Nessus Plugin ID: 78551

Bugtraq ID: 70103

CVE ID: CVE-2014-3566
