title: SSHD Error Message CVE-2018-15473
id: 4c9d903d-4939-4094-ade0-3cb748f4d7da
status: test
description: Detects exploitation attempt using public exploit code for CVE-2018-15473
author: Florian Roth
references:
  - https://github.com/Rhynorater/CVE-2018-15473-Exploit
date: 2017/08/24
modified: 2021/11/27
logsource:
  product: linux
  service: sshd
detection:
  keywords:
    - 'error: buffer_get_ret: trying to get more bytes 1907 than in buffer 308 [preauth]'
  condition: keywords
falsepositives:
  - Unknown
level: medium
tags:
  - attack.reconnaissance
  - attack.t1589