Yara Rule - Detects error message generated when exploiting the libssh vulnerability CVE-2023-2283

Yara definition.

Author: Florian Roth

https://twitter.com/kevin_backhouse/status/1666459308941357056?s

```
date = "2023-06-08"
score = 85
$s1 = "nprocs = %d" ascii fullword
$s2 = "fork failed: %s" ascii fullword
uint16(0) == 0x457f and all of them

date = "2023-06-09"
score = 70
$s1 = "Failed to generate curve25519 keys" ascii fullword
$fp1 = "ssh_set_error(" // avoid detection of source code
```


[https://github.com/Neo23x0/signature-base/commit/0a0d8b4354a2da0c2471fc2639b1683326b1f3c0](https://github.com/Neo23x0/signature-base/commit/0a0d8b4354a2da0c2471fc2639b1683326b1f3c0)