Versions (3)
Version DetailsCurrent
Rev: 1 • May 25, 2017, 12:00 PMET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)
alert tcp any any -> $HOME_NET 445 (msg:"ET EXPLOIT Samba Arbitrary Module Loading Vulnerability (NT Create AndX .so) (CVE-2017-7494)"; flow:to_server,established; content:"SMB|a2 00|"; offset:5; depth:5; content:"|00 00|"; distance:1; within:2; content:"|2e|so|00|"; fast_pattern; distance:16; reference:cve,2017-7494; reference:url,github.com/rapid7/metasploit-framework/pull/8450; classtype:attempted-admin; sid:2024336; rev:1; metadata:attack_target SMB_Server, created_at 2017_05_25, cve CVE_2017_7494, deployment Datacenter, performance_impact Low, signature_severity Critical, tag CISA_KEV, updated_at 2019_07_26;)
May 25, 2017, 12:00 PM
Jul 26, 2019, 12:00 PM
Sep 21, 2024, 3:00 AM
May 30, 2025, 12:04 AM
rules/emerging-exploit.rules