ATTACK [PTsecurity] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)

SID: 10002643Rev: 30 views

Sourceptresearch/attackdetection

CreatedDecember 13, 2021

UpdatedDecember 13, 2021

Classificationattempted-admin

alert tcp any any -> $HOME_NET 25 (msg:"ATTACK [PTsecurity] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)"; flow:established, to_server, only_stream; content:"|0D 0A|AUTH"; pcre:"/AUTH\s+\S+\s+(?:[a-zA-Z0-9\+\/=]{4})*+[a-zA-Z0-9\+\/=]{3}\s/"; reference:cve, 2018-6789; reference:url, https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/; reference:url, github.com/ptresearch/AttackDetection; classtype:attempted-admin; sid:10002643; rev:3;)

References

cve	2018-6789
url	https://devco.re/blog/2018/03/06/exim-off-by-one-RCE-exploiting-CVE-2018-6789-en/
url	github.com/ptresearch/AttackDetection

Comments (0)

Please sign in to leave a comment.

No comments yet. Be the first to comment!