Versions (2)
Version DetailsCurrent
Rev: 2 • Feb 6, 2026, 12:00 PMET EXPLOIT Samba rsync s2length Checksum Length Heap Buffer Overflow (CVE-2024-12084)
alert tcp any any -> $HOME_NET 873 (msg:"ET EXPLOIT Samba rsync s2length Checksum Length Heap Buffer Overflow (CVE-2024-12084)"; flow:established,to_server; content:"|40|RSYNCD|3a|"; fast_pattern; content:"--server"; content:"--sender"; content:"|00 00 07|"; content:"|0e|"; distance:0; byte_test:1,&,0x80,0,relative; byte_test:4,>,16,9,relative,little; byte_test:4,<,65,9,relative,little; reference:cve,2024-12084; classtype:attempted-user; sid:2067354; rev:2; metadata:affected_product Samba, attack_target Server, created_at 2026_02_06, cve CVE_2024_12084, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2026_02_17, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)
Feb 6, 2026, 12:00 PM
Feb 17, 2026, 12:00 PM
Feb 6, 2026, 10:34 PM
Feb 17, 2026, 10:34 PM
rules/emerging-exploit.rules