ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)
Sourceet/open
Fileemerging-exploit.rules
CreatedJuly 30, 2010
UpdatedMarch 14, 2024
Classificationmisc-activity
alert tcp $EXTERNAL_NET any -> $SMTP_SERVERS 25 (msg:"ET EXPLOIT MS Exchange Link State Routing Chunk (maybe MS05-021)"; flow:established,to_server ; flowbits:set,msxlsa ; content:"X-LINK2STATE"; nocase; content:"CHUNK="; nocase; threshold:type limit, track by_src, count 1, seconds 60 ; reference:cve,CAN-2005-0560 ; reference:url,isc.sans.org/diary.php?date=2005-04-12 ; reference:url,www.microsoft.com/technet/security/bulletin/MS05-021.mspx ; classtype:misc-activity; sid:2001873; rev:11; metadata:created_at 2010_07_30, confidence Medium, signature_severity Major, updated_at 2024_03_14;)
References
Metadata
created at2010_07_30
confidenceMedium
signature severityMajor
updated at2024_03_14
Comments (0)
Please sign in to leave a comment.
Sign inNo comments yet. Be the first to comment!