alert smtp $HOME_NET any -> any any (msg:"ET EXPLOIT Suspected Exim External Auth Overflow (CVE-2023-4115) set"; flow:established; flowbits:set,ET.eximsmtp; flowbits:noalert; content:"ESMTP Exim|20|"; fast_pattern; reference:url,www.zerodayinitiative.com/advisories/ZDI-23-1469/; reference:url,labs.watchtowr.com/exim-0days-90s-vulns-in-90s-software/; reference:cve,2023-4115; classtype:attempted-admin; sid:2048389; rev:1; metadata:attack_target SMTP_Server, created_at 2023_10_03, cve CVE_2023_4115, deployment Perimeter, deployment SSLDecrypt, performance_impact Significant, confidence Low, signature_severity Major, tag Description_Generated_By_Proofpoint_Nexus, updated_at 2023_10_03, reviewed_at 2023_10_03; target:src_ip;)