ATTACK [PTsecurity] Exim 4.88, 4.89 UAF RCE Attempt (CVE-2017-16943)

SID: 10002280Rev: 21 views
Sourceptresearch/attackdetection
CreatedDecember 13, 2021
UpdatedDecember 13, 2021
Classificationattempted-admin
alert smtp any any -> $HOME_NET any (msg:"ATTACK [PTsecurity] Exim 4.88, 4.89 UAF RCE Attempt (CVE-2017-16943)"; flow:established, to_server; content:"BDAT"; content:"BDAT"; within:10; pcre:"/BDAT\s*\D[^\n\r]*[\n\r][^\n\r]{100}/"; reference:cve, 2017-16943; reference:url, bugs.exim.org/show_bug.cgi?id=2199; classtype:attempted-admin; reference:url, github.com/ptresearch/AttackDetection; sid:10002280; rev:2;)

References

cve2017-16943
urlbugs.exim.org/show_bug.cgi?id=2199
urlgithub.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.
Sign in

No comments yet. Be the first to comment!