Tuesday, September 30, 2014

securityonion-bro-scripts now detects the ShellShock Qmail SMTP "MAIL FROM" attack vector

Seth Hall added support for the ShellShock Qmail SMTP "MAIL FROM" attack vector to his Bro ShellShock scripts:
https://github.com/broala/bro-shellshock/commit/6ba280179e86243ecc0ed0b84d38e5906bbdcadc

I've updated the securityonion-bro-scripts package to include these changes.

New package version:
securityonion-bro-scripts - 20121004-0ubuntu0securityonion37

Issues Resolved
Issue 616: securityonion-bro-scripts: ShellShock Qmail SMTP "MAIL FROM" attack vector
https://code.google.com/p/security-onion/issues/detail?id=616

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

To apply the new Bro ShellShock detection, you'll need to restart Bro as follows:
sudo nsm_sensor_ps-restart --only-bro

Screenshots

Update Process

Restarting Bro to load new ShellShock detection

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Only 16 seats left for the 3-day Security Onion class in Richmond VA!
https://security-onion-class-20141020.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!
