""ET EXPLOIT Possible Qmail CVE-2014-6271 Mail From attempt""

SID: 2019293

Revision: 2

Class Type: attempted-admin

Metadata: created_at 2014_09_29, cve CVE_2014_6271, updated_at 2014_10_01

Reference:

• Link

Protocol: tcp

Source Network: any

Source Port: any

Destination Network: $HOME_NET

Destination Port: [25,587]

Flow: to_server,established

Contents:

• Value: "|28 29 20 7b|"

Within:

PCRE: "/^mail\s?from\s?\x3a\s?[^\r\n]?\x28\x29\x20\x7b/mi"

Special Options:

source