SERVER-MAIL -- Snort has detected traffic exploiting vulnerabilities in mail servers (such as Exchange, Courier). These rules differ from the protocol rules in that they deal with the traffic going to the mail server itself.
SERVER-MAIL EHLO user overflow attempt
This event is generated when an attacker attempts to send an overly long EHLO SMTP message, used to exploit an off-by-one vulnerability present in the Exim mail transfer agent.
Impact: Attempted Administrator Privilege Gain
Details: Rule checks for overly long EHLO SMTP messages used to exploit an off-by-one vulnerability present in the Exim mail transfer agent.
Ease of Attack: Simple
No information provided
No public information
No known false positives
Cisco Talos Intelligence Group
No rule groups
CVE-2018-6789
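The length check this rule describes, written as a stream-side detector in Python. This is an added example, not the Snort rule or Talos code; the class name and the thresholds (the RFC 5321 limits of 255 octets for a domain and 512 octets for a command line) are assumptions, since the page does not state the rule's own threshold.

```python
# Added example: flag SMTP EHLO/HELO commands whose argument exceeds RFC 5321 limits.
# Thresholds are RFC 5321 section 4.5.3.1 values, NOT the Snort rule's own threshold
# (the page does not state it). Assumes only the SMTP command phase is fed in;
# DATA-phase tracking is left out.
MAX_DOMAIN = 255     # max octets in a domain (RFC 5321 4.5.3.1.2)
MAX_CMD_LINE = 512   # max octets in a command line incl. CRLF (RFC 5321 4.5.3.1.4)


class EhloLengthDetector:
    """Feed client-to-server TCP payload chunks; alerts accumulate as dicts."""

    def __init__(self):
        self.buf = b""
        self.alerts = []

    def feed(self, chunk: bytes):
        # Commands can be split across TCP segments, so buffer until a newline.
        self.buf += chunk
        while b"\n" in self.buf:
            line, self.buf = self.buf.split(b"\n", 1)
            self._check(line.rstrip(b"\r"), complete=True)
        # A sender may never terminate an oversized command: inspect the
        # partial line too, then drop it so memory use stays bounded.
        if len(self.buf) > MAX_CMD_LINE:
            self._check(self.buf, complete=False)
            self.buf = b""
        return self.alerts

    def _check(self, line: bytes, complete: bool):
        # SMTP verbs are case-insensitive; the argument is everything after the verb.
        verb, _, arg = line.lstrip().partition(b" ")
        if verb.upper() not in (b"EHLO", b"HELO"):
            return
        arg = arg.strip()
        if len(arg) > MAX_DOMAIN:
            self.alerts.append({"verb": verb.upper().decode(),
                                "arg_len": len(arg),
                                "complete": complete})
```

An alert with `complete` set to false means the oversized command was seen before any line terminator arrived.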