ET EXPLOIT Samba rsync s2length Checksum Length Heap Buffer Overflow (CVE-2024-12084)

SID: 2067354Rev: 24 viewsHistory

Sourceet/open

CreatedFebruary 6, 2026

UpdatedFebruary 17, 2026

Classificationattempted-user

alert tcp any any -> $HOME_NET 873 (msg:"ET EXPLOIT Samba rsync s2length Checksum Length Heap Buffer Overflow (CVE-2024-12084)"; flow:established,to_server; content:"|40|RSYNCD|3a|"; fast_pattern; content:"--server"; content:"--sender"; content:"|00 00 07|"; content:"|0e|"; distance:0; byte_test:1,&,0x80,0,relative; byte_test:4,>,16,9,relative,little; byte_test:4,<,65,9,relative,little; reference:cve,2024-12084; classtype:attempted-user; sid:2067354; rev:2; metadata:affected_product Samba, attack_target Server, created_at 2026_02_06, cve CVE_2024_12084, deployment Perimeter, deployment Internal, confidence Medium, signature_severity Major, tag Exploit, updated_at 2026_02_17, mitre_tactic_id TA0001, mitre_tactic_name Initial_Access, mitre_technique_id T1190, mitre_technique_name Exploit_Public_Facing_Application; target:dest_ip;)

References

cve	2024-12084

Metadata

affected productSamba

attack targetServer

created at2026_02_06

cveCVE-2024-12084

deploymentInternal

confidenceMedium

signature severityMajor

tagExploit

updated at2026_02_17

mitre tactic idTA0001

mitre tactic nameInitial_Access

mitre technique idT1190

mitre technique nameExploit_Public_Facing_Application

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!