13 lines
541 B
Plaintext
13 lines
541 B
Plaintext
|
|
rule Backdoor_Linux_CVE-2012-0809_A_xp{
|
|
meta:
|
|
description = "Backdoor:Linux/CVE-2012-0809.A!xp,SIGNATURE_TYPE_ELFHSTR_EXT,03 00 03 00 03 00 00 "
|
|
|
|
strings :
|
|
$a_00_0 = {57 72 69 74 69 6e 67 20 53 55 44 4f 5f 41 53 4b 50 41 53 53 20 66 69 6c 65 3a 20 25 73 } //1 Writing SUDO_ASKPASS file: %s
|
|
$a_00_1 = {76 75 6c 6e 5f 73 75 64 6f 5f 76 65 72 73 69 6f 6e 73 } //1 vuln_sudo_versions
|
|
$a_00_2 = {77 72 69 74 65 5f 62 61 63 6b 64 6f 6f 72 } //1 write_backdoor
|
|
condition:
|
|
((#a_00_0 & 1)*1+(#a_00_1 & 1)*1+(#a_00_2 & 1)*1) >=3
|
|
|
|
} |