NASLDB: Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X)
General
ID: 61413
Name: Apple Xcode < 4.4 Multiple Vulnerabilities (Mac OS X)
Summary: Checks version of Xcode
Credits: Tenable Network Security, Inc.
Classification
Risk: –
CVSS: –
CVSS Base Vector: CVSS2#AV:N/AC:L/Au:N/C:P/I:N/A:N
CVSS Temporal Vector: CVSS2#E:U/RL:OF/RC:C
Port: 0
Family: MacOS X Local Security Checks
Type: Local
Description
The remote Mac OS X host has Apple Xcode prior to 4.4 installed. It is therefore reportedly affected by multiple vulnerabilities:
– Known attacks on the SSL 3.0 and TLS 1.0 protocols when a cipher suite uses a block cipher in CBC mode could be exploited to decrypt protected data. The neon library disables the ‘empty fragment’ countermeasure that prevented these attacks. This issue is addressed by enabling the countermeasure. (CVE-2011-3389)
– An information disclosure vulnerability exists that may allow a specially crafted App Store application to read entries in the keychain. (CVE-2012-3698)
Exploiting
Exploit Available: False
Exploitability Ease: No known exploits are available
Sources
CVE: CVE-2011-3389
OSVDB: –
Bugtraq: 49778
scipID: –
Timeline
Vulnerability Disclosure: 2012/07/25
Patch Release: 2012/07/25
Plugin Release: 2012/08/03
Plugin
Version: 1.2
Filename: macosx_xcode_4_4.nasl
Filesize: 3470 bytes
MD5 Hash: d370ea53ded10d8271a4a5ad556f9975
Identification: –
Require Keys: MacOSX/Xcode/Installed
Dependencies: ‘macosx_xcode_installed.nasl’
Copyright: This script is Copyright© 2012 Tenable Network Security, Inc.













