Buffer Overflow Attempts
Detects buffer overflow attempts in Unix system log files
Sigma rule (View on GitHub)
1title: Buffer Overflow Attempts
2id: 18b042f0-2ecd-4b6e-9f8d-aa7a7e7de781
3status: stable
4description: Detects buffer overflow attempts in Unix system log files
5references:
6 - https://github.com/ossec/ossec-hids/blob/1ecffb1b884607cb12e619f9ab3c04f530801083/etc/rules/attack_rules.xml
7author: Florian Roth (Nextron Systems)
8date: 2017-03-01
9tags:
10 - attack.t1068
11 - attack.privilege-escalation
12logsource:
13 product: linux
14detection:
15 keywords:
16 - 'attempt to execute code on stack by'
17 - 'FTP LOGIN FROM .* 0bin0sh'
18 - 'rpc.statd[\d+]: gethostbyname error for'
19 - 'AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAA'
20 condition: keywords
21falsepositives:
22 - Unknown
23level: high
References
Related rules
- Audit CVE Event
- Exploiting SetupComplete.cmd CVE-2019-1378
- Nimbuspwn Exploitation
- OMIGOD HTTP No Authentication RCE
- OMIGOD SCX RunAsProvider ExecuteScript