title: SSHD Error Message CVE-2018-15473 id: 4c9d903d-4939-4094-ade0-3cb748f4d7da status: test description: Detects exploitation attempt using public exploit code for CVE-2018-15473 author: Florian Roth references: - https://github.com/Rhynorater/CVE-2018-15473-Exploit date: 2017/08/24 modified: 2021/11/27 logsource: product: linux service: sshd detection: keywords: - 'error: buffer_get_ret: trying to get more bytes 1907 than in buffer 308 [preauth]' condition: keywords falsepositives: - Unknown level: medium tags: - attack.reconnaissance - attack.t1589