SSHD Error Message CVE-2018-15473

Feb 1, 2023 · attack.reconnaissance attack.t1589 ·

Detects exploitation attempt using public exploit code for CVE-2018-15473

Sigma rule (View on GitHub)

 1title: SSHD Error Message CVE-2018-15473
 2id: 4c9d903d-4939-4094-ade0-3cb748f4d7da
 3status: test
 4description: Detects exploitation attempt using public exploit code for CVE-2018-15473
 5references:
 6    - https://github.com/Rhynorater/CVE-2018-15473-Exploit
 7author: Florian Roth (Nextron Systems)
 8date: 2017/08/24
 9modified: 2021/11/27
10tags:
11    - attack.reconnaissance
12    - attack.t1589
13logsource:
14    product: linux
15    service: sshd
16detection:
17    keywords:
18        - 'error: buffer_get_ret: trying to get more bytes 1907 than in buffer 308 [preauth]'
19    condition: keywords
20falsepositives:
21    - Unknown
22level: medium

References

GitHub - Rhynorater/CVE-2018-15473-Exploit: Exploit written in Python for CVE-2018-15473 with threading and export formats

Exploit written in Python for CVE-2018-15473 with threading and export formats - Rhynorater/CVE-2018-15473-Exploit

Read More

Related rules

Cat Sudoers

SSHD Error Message CVE-2018-15473

Sigma rule (View on GitHub)

References

GitHub - Rhynorater/CVE-2018-15473-Exploit: Exploit written in Python for CVE-2018-15473 with threading and export formats

Related rules