Apple Xcode < 7.0 (Mac OS X) (POODLE)

This script is Copyright (C) 2015-2016 Tenable Network Security, Inc.


Synopsis :

The remote Mac OS X host has an application installed that is affected
by multiple vulnerabilities.

Description :

The version of Apple Xcode installed on the remote Mac OS X host is
prior to 7.0. It is, therefore, affected by the multiple
vulnerabilities :

- A memory leak issue exists in file d1_srtp.c related to
the DTLS SRTP extension handling and specially crafted
handshake messages. An attacker can exploit this to
cause denial of service condition. (CVE-2014-3513)

- A man-in-the-middle (MitM) information disclosure
vulnerability, known as POODLE, exists due to the way
SSL 3.0 handles padding bytes when decrypting messages
encrypted using block ciphers in cipher block chaining
(CBC) mode. A MitM attacker can decrypt a selected byte
of a cipher text in as few as 256 tries if they are able
to force a victim application to repeatedly send the
same data over newly created SSL 3.0 connections.
(CVE-2014-3566)

- A memory leak issue exists in file t1_lib.c related to
session ticket handling. An attacker can exploit this to
cause denial of service condition. (CVE-2014-3567)

- An error exists related to the build configuration
process and the 'no-ssl3' build option that allows
servers and clients to process insecure SSL 3.0
handshake messages. (CVE-2014-3568)

- A directory traversal vulnerability exists in send.js
due to improper sanitization of user-supplied input.
A remote, unauthenticated attacker can exploit this, via
a specially crafted request, to access arbitrary files
outside of the restricted path. (CVE-2014-6394)

- A denial of service vulnerability exists in the
mod_dav_svn and svnserve servers of Apache Subversion. A
remote, unauthenticated attacker can exploit this, via a
crafted combination of parameters, to cause the current
process to abort through a failed assertion.
(CVE-2015-0248)

- A flaw exists in the mod_dav_svn server of Apache
Subversion. A remote, authenticated attacker can exploit
this, via a crafted HTTP request sequence, to spoof an
'svn:author' property value. (CVE-2015-0251)

- A flaw exists in the Apache HTTP Server due to the
ap_some_auth_required() function in file request.c not
properly handling Require directive associations. A
remote, unauthenticated attacker can exploit this to
bypass access restrictions, by leveraging a module that
relies on the 2.2 API behavior. (CVE-2015-3185)

- A flaw exists in the IDE Xcode server due to improper
restriction of access to the repository email lists. A
remote, unauthenticated attacker can exploit this to
access sensitive build information, by leveraging
incorrect notification delivery. (CVE-2015-5909)

- A flaw exists in the IDE Xcode server due to the
transmission of server information in cleartext. A
remote, man-in-the-middle attacker can exploit this to
access sensitive information. (CVE-2015-5910)

See also :

https://support.apple.com/en-ca/HT205217
http://www.nessus.org/u?9042c568
https://www.imperialviolet.org/2014/10/14/poodle.html
https://www.openssl.org/~bodo/ssl-poodle.pdf
https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Solution :

Upgrade to Apple Xcode version 7.0, which is available for OS X
version 10.10.4 (Yosemite) or later.

Risk factor :

High / CVSS Base Score : 7.5
(CVSS2#AV:N/AC:L/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 6.5
(CVSS2#E:ND/RL:OF/RC:C)
Public Exploit Available : false

Ready to Amp Up Your Nessus Experience?

Get Nessus Professional to scan unlimited IPs, run compliance checks & more

Buy Nessus Professional Now