Apple Xcode < 7.0 (Mac OS X) (POODLE)

high Nessus Plugin ID 86245
New! Plugin Severity Now Using CVSS v3

The calculated severity for Plugins has been updated to use CVSS v3 by default. Plugins that do not have a CVSS v3 score will fall back to CVSS v2 for calculating severity. Severity display preferences can be toggled in the settings dropdown.

Synopsis

The remote Mac OS X host has an application installed that is affected by multiple vulnerabilities.

Description

The version of Apple Xcode installed on the remote Mac OS X host is prior to 7.0. It is, therefore, affected by the multiple vulnerabilities :

- A memory leak issue exists in file d1_srtp.c related to the DTLS SRTP extension handling and specially crafted handshake messages. An attacker can exploit this to cause denial of service condition. (CVE-2014-3513)

- A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
(CVE-2014-3566)

- A memory leak issue exists in file t1_lib.c related to session ticket handling. An attacker can exploit this to cause denial of service condition. (CVE-2014-3567)

- An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)

- A directory traversal vulnerability exists in send.js due to improper sanitization of user-supplied input.
A remote, unauthenticated attacker can exploit this, via a specially crafted request, to access arbitrary files outside of the restricted path. (CVE-2014-6394)

- A denial of service vulnerability exists in the mod_dav_svn and svnserve servers of Apache Subversion. A remote, unauthenticated attacker can exploit this, via a crafted combination of parameters, to cause the current process to abort through a failed assertion.
(CVE-2015-0248)

- A flaw exists in the mod_dav_svn server of Apache Subversion. A remote, authenticated attacker can exploit this, via a crafted HTTP request sequence, to spoof an 'svn:author' property value. (CVE-2015-0251)

- A flaw exists in the Apache HTTP Server due to the ap_some_auth_required() function in file request.c not properly handling Require directive associations. A remote, unauthenticated attacker can exploit this to bypass access restrictions, by leveraging a module that relies on the 2.2 API behavior. (CVE-2015-3185)

- A flaw exists in the IDE Xcode server due to improper restriction of access to the repository email lists. A remote, unauthenticated attacker can exploit this to access sensitive build information, by leveraging incorrect notification delivery. (CVE-2015-5909)

- A flaw exists in the IDE Xcode server due to the transmission of server information in cleartext. A remote, man-in-the-middle attacker can exploit this to access sensitive information. (CVE-2015-5910)

Solution

Upgrade to Apple Xcode version 7.0, which is available for OS X version 10.10.4 (Yosemite) or later.

See Also

https://support.apple.com/en-ca/HT205217

http://www.nessus.org/u?9042c568

https://www.imperialviolet.org/2014/10/14/poodle.html

https://www.openssl.org/~bodo/ssl-poodle.pdf

https://tools.ietf.org/html/draft-ietf-tls-downgrade-scsv-00

Plugin Details

Severity: High

ID: 86245

File Name: macosx_xcode_7_0.nasl

Version: 1.10

Type: local

Agent: macosx

Published: 10/2/2015

Updated: 5/5/2020

Dependencies: macosx_xcode_installed.nasl

Risk Information

CVSS Score Source: CVE-2014-6394

VPR

Risk Factor: Medium

Score: 5.7

CVSS v2

Risk Factor: High

Base Score: 7.5

Temporal Score: 5.5

Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P

Temporal Vector: E:U/RL:OF/RC:C

CVSS v3

Risk Factor: High

Base Score: 7.3

Vector: CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:L

Vulnerability Information

CPE: cpe:/a:apple:xcode

Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Apple Xcode

Exploit Ease: No known exploits are available

Patch Publication Date: 9/16/2015

Vulnerability Publication Date: 10/14/2014

Reference Information

CVE: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6394, CVE-2015-0248, CVE-2015-0251, CVE-2015-3185, CVE-2015-5909, CVE-2015-5910

BID: 70100, 70574, 70584, 70585, 70586, 74259, 74260, 75965

APPLE-SA: APPLE-SA-2015-09-16-2

CERT: 577193