title: SSHD Error Message CVE-2018-15473
id: 4c9d903d-4939-4094-ade0-3cb748f4d7da
status: experimental
description: Detects exploitation attempt using public exploit code for CVE-2018-15473
author: Florian Roth
date: 2017/08/24
references:
    - https://github.com/Rhynorater/CVE-2018-15473-Exploit
logsource:
    product: linux
    service: sshd
detection:
    keywords:
        - 'error: buffer_get_ret: trying to get more bytes 1907 than in buffer 308 [preauth]'
    condition: keywords
falsepositives:
    - Unknown
level: medium
tags:
    - attack.reconnaissance
    - attack.t1589