""ET EXPLOIT Exim4 UAF Attempt (BDAT with non-printable chars)""
SID: 2025063
Revision: 3
Class Type: attempted-admin
Metadata: attack_target SMTP_Server, created_at 2017_11_27, deployment Internal, deployment Datacenter, performance_impact Moderate, signature_severity Major, updated_at 2017_11_28
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $SMTP_SERVERS
Destination Port: [25,587]
Flow: established,to_server
Contents:
- Value: "BDAT" Depth: 5
Within:
PCRE: "/^\s\d[^\x20-\x7e\r\n\t]/R"
Special Options: