SynopsisThe remote Mac OS X host has an application installed that is affected by multiple vulnerabilities.
DescriptionThe version of Apple Xcode installed on the remote Mac OS X host is prior to 7.0. It is, therefore, affected by the multiple vulnerabilities :
- A memory leak issue exists in file d1_srtp.c related to the DTLS SRTP extension handling and specially crafted handshake messages. An attacker can exploit this to cause denial of service condition. (CVE-2014-3513)
- A man-in-the-middle (MitM) information disclosure vulnerability, known as POODLE, exists due to the way SSL 3.0 handles padding bytes when decrypting messages encrypted using block ciphers in cipher block chaining (CBC) mode. A MitM attacker can decrypt a selected byte of a cipher text in as few as 256 tries if they are able to force a victim application to repeatedly send the same data over newly created SSL 3.0 connections.
- A memory leak issue exists in file t1_lib.c related to session ticket handling. An attacker can exploit this to cause denial of service condition. (CVE-2014-3567)
- An error exists related to the build configuration process and the 'no-ssl3' build option that allows servers and clients to process insecure SSL 3.0 handshake messages. (CVE-2014-3568)
- A directory traversal vulnerability exists in send.js due to improper sanitization of user-supplied input.
A remote, unauthenticated attacker can exploit this, via a specially crafted request, to access arbitrary files outside of the restricted path. (CVE-2014-6394)
- A denial of service vulnerability exists in the mod_dav_svn and svnserve servers of Apache Subversion. A remote, unauthenticated attacker can exploit this, via a crafted combination of parameters, to cause the current process to abort through a failed assertion.
- A flaw exists in the mod_dav_svn server of Apache Subversion. A remote, authenticated attacker can exploit this, via a crafted HTTP request sequence, to spoof an 'svn:author' property value. (CVE-2015-0251)
- A flaw exists in the Apache HTTP Server due to the ap_some_auth_required() function in file request.c not properly handling Require directive associations. A remote, unauthenticated attacker can exploit this to bypass access restrictions, by leveraging a module that relies on the 2.2 API behavior. (CVE-2015-3185)
- A flaw exists in the IDE Xcode server due to improper restriction of access to the repository email lists. A remote, unauthenticated attacker can exploit this to access sensitive build information, by leveraging incorrect notification delivery. (CVE-2015-5909)
- A flaw exists in the IDE Xcode server due to the transmission of server information in cleartext. A remote, man-in-the-middle attacker can exploit this to access sensitive information. (CVE-2015-5910)
SolutionUpgrade to Apple Xcode version 7.0, which is available for OS X version 10.10.4 (Yosemite) or later.
File Name: macosx_xcode_7_0.nasl
Supported Sensors: Nessus Agent
Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Required KB Items: Host/local_checks_enabled, Host/MacOSX/Version, installed_sw/Apple Xcode
Exploit Ease: No known exploits are available
Patch Publication Date: 9/16/2015
Vulnerability Publication Date: 10/14/2014
CVE: CVE-2014-3513, CVE-2014-3566, CVE-2014-3567, CVE-2014-3568, CVE-2014-6394, CVE-2015-0248, CVE-2015-0251, CVE-2015-3185, CVE-2015-5909, CVE-2015-5910
BID: 70100, 70574, 70584, 70585, 70586, 74259, 74260, 75965