""ET SCADA Golden FTP Server PASS Command Remote Buffer Overflow Attempt""

SID: 2013235

Revision: 2

Class Type: denial-of-service

Metadata: created_at 2011_07_08, confidence High, updated_at 2014_12_05

Reference:

  • bugtraq

  • 45957

Protocol: tcp

Source Network: $EXTERNAL_NET

Source Port: any

Destination Network: $HOME_NET

Destination Port: 4444

Flow: established,to_server

Contents:

  • Value: "PASS"

  • Value: !"|0A|"

Within: 1000

PCRE:

Special Options:

  • nocase

source