Rule History

SID: 10002280 • Source: ptrules/open

Versions (6)

Version DetailsCurrent

Rev: 2 • Jul 24, 2025, 5:44 PM

Message:

ATTACK [PTsecurity] Exim 4.88, 4.89 UAF RCE Attempt (CVE-2017-16943)

Rule:

alert smtp any any -> any any (msg: "ATTACK [PTsecurity] Exim 4.88, 4.89 UAF RCE Attempt (CVE-2017-16943)"; flow: established, to_server; content: "BDAT"; content: "BDAT"; within: 10; pcre: "/BDAT\s*\D[^\n\r]*[\n\r][^\n\r]{100}/"; reference: cve, 2017-16943; reference: url, bugs.exim.org/show_bug.cgi?id=2199; reference: url, rules.ptsecurity.com; classtype: attempted-admin; sid: 10002280; rev: 2;)

Created:

Jul 24, 2025, 5:44 PM

Updated:

Jul 24, 2025, 5:44 PM

DB Created:

Oct 16, 2025, 10:34 AM

DB Updated:

Oct 16, 2025, 10:34 AM

Filename:

rules/ptopen-attacks.rules