rule HKTL_EXPL_POC_LibSSH_Auth_Bypass_CVE_2023_2283_Jun23_1 { meta: description = "Detects POC code used in attacks against libssh vulnerability CVE-2023-2283" author = "Florian Roth" reference = "https://github.com/github/securitylab/tree/1786eaae7f90d87ce633c46bbaa0691d2f9bf449/SecurityExploits/libssh/pubkey-auth-bypass-CVE-2023-2283" date = "2023-06-08" score = 85 id = "e72eba33-686f-5fca-bca3-2b875d1ec224" strings: $s1 = "nprocs = %d" ascii fullword $s2 = "fork failed: %s" ascii fullword condition: uint16(0) == 0x457f and all of them }