Apple Xcode < 6.2 beta 3 .git/config Command Execution (Mac OS X) (deprecated)
Medium Nessus Plugin ID 80828
SynopsisThis plugin has been deprecated.
DescriptionThe remote Mac OS X host has a version of Apple Xcode prior to 6.2 beta 3. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a user's '.git/config' file when the user clones or checks out a repository, allowing arbitrary command execution.
This plugin has been deprecated. It detects Xcode installations vulnerable to CVE-2014-9390, and was created before Apple released a security update to fix this vulnerability. On March 9, 2015, a security update for Xcode has been released. The update fixes multiple vulnerabilities (including CVE-2014-9390). A separate plugin (ID 81758) has been created to detect that update. That plugin should be used instead of this one.