mirror of
https://github.com/valitydev/signature-base.git
synced 2024-11-07 02:25:19 +00:00
Improved DirtyCOW Rule
This commit is contained in:
parent
7a219e5a4b
commit
c1d9a5379c
@ -34,9 +34,12 @@ rule Linux_DirtyCow_Exploit {
|
||||
$s2 = "/proc/%d/mem"
|
||||
$s3 = "/proc/self/map"
|
||||
$s4 = "/proc/%d/map"
|
||||
|
||||
$p1 = "pthread_create" fullword ascii
|
||||
$p2 = "pthread_join" fullword ascii
|
||||
condition:
|
||||
( uint16(0) == 0x457f and $a1 ) or
|
||||
all of ($b*) or
|
||||
3 of ($source*) or
|
||||
( uint16(0) == 0x457f and 1 of ($s*) and filesize < 20KB )
|
||||
( uint16(0) == 0x457f and 1 of ($s*) and all of ($p*) and filesize < 20KB )
|
||||
}
|
||||
|
Loading…
Reference in New Issue
Block a user