Sneed-Reactivity/yara-Neo23x0/expl_libssh_cve_2023_2283_jun23.yar


/*
    Flags ELF files that contain both format strings listed under `strings`.
    Per the meta description, these strings come from proof-of-concept code
    for the libssh vulnerability CVE-2023-2283 (see `reference`).

    NOTE(review): both strings are generic diagnostic format strings and the
    rule sets no filesize bound, so an unrelated ELF binary that prints the
    same messages would also match. Validate against a goodware corpus
    before treating the score of 85 as high confidence, and triage hits
    together with file path and origin rather than on the rule name alone.
*/
rule HKTL_EXPL_POC_LibSSH_Auth_Bypass_CVE_2023_2283_Jun23_1 {
    meta:
        description = "Detects POC code used in attacks against libssh vulnerability CVE-2023-2283"
        author = "Florian Roth"
        reference = "https://github.com/github/securitylab/tree/1786eaae7f90d87ce633c46bbaa0691d2f9bf449/SecurityExploits/libssh/pubkey-auth-bypass-CVE-2023-2283"
        date = "2023-06-08"
        score = 85
        id = "e72eba33-686f-5fca-bca3-2b875d1ec224"

    strings:
        // printf-style messages; `fullword` requires each match to be
        // delimited by non-alphanumeric bytes, `ascii` restricts it to
        // single-byte encoding (no UTF-16 variant is searched).
        $s1 = "nprocs = %d" fullword ascii
        $s2 = "fork failed: %s" fullword ascii

    condition:
        // uint16(0) is a little-endian read of the first two bytes, so
        // 0x457F means 0x7F 'E': the first half of the ELF magic "\x7fELF".
        // Only these two bytes are checked, not the full four-byte magic.
        uint16(0) == 0x457F
        // Both strings must be present somewhere in the file.
        and $s1
        and $s2
}