""ET EXPLOIT [PT Security] Exim <4.90.1 Base64 Overflow RCE (CVE-2018-6789)""
SID: 2025427
Revision: 1
Class Type: attempted-admin
Metadata: attack_target SMTP_Server, created_at 2018_03_13, cve CVE_2018_6789, deployment Perimeter, performance_impact Moderate, signature_severity Minor, updated_at 2018_03_13
Reference:
Protocol: tcp
Source Network: any
Source Port: any
Destination Network: $HOME_NET
Destination Port: 25
Flow: established,to_server,only_stream
Contents:
- Value: "|0D 0A|AUTH"
Within:
PCRE: "/AUTH\s+\S+\s+(?:[a-zA-Z0-9+\/=]{4})*+[a-zA-Z0-9+\/=]{3}\s/"
Special Options: