Tuesday, September 30, 2014

securityonion-bro-scripts now detects the ShellShock Qmail SMTP "MAIL FROM" attack vector

Seth Hall added support for the ShellShock Qmail SMTP "MAIL FROM" attack vector to his Bro ShellShock scripts:
https://github.com/broala/bro-shellshock/commit/6ba280179e86243ecc0ed0b84d38e5906bbdcadc

I've updated the securityonion-bro-scripts package to include these changes.

New package version:
securityonion-bro-scripts - 20121004-0ubuntu0securityonion37

Issues Resolved
Issue 616: securityonion-bro-scripts: ShellShock Qmail SMTP "MAIL FROM" attack vector
https://code.google.com/p/security-onion/issues/detail?id=616

Updating
The new package is now available in our stable repo.  Please see the following page for full update instructions:
https://code.google.com/p/security-onion/wiki/Upgrade

To apply the new Bro ShellShock detection, you'll need to restart Bro as follows:
sudo nsm_sensor_ps-restart --only-bro

Screenshots

Update Process

Restarting Bro to load new ShellShock detection

Feedback
If you have any questions or problems, please use our security-onion mailing list:
https://code.google.com/p/security-onion/wiki/MailingLists

Training
Only 16 seats left for the 3-day Security Onion class in Richmond VA!
https://security-onion-class-20141020.eventbrite.com/

Commercial Support
Need commercial support?  Please see:
http://securityonionsolutions.com

Help Wanted
If you and/or your organization have found value in Security Onion, please consider giving back to the community by joining one of our teams:
https://code.google.com/p/security-onion/wiki/TeamMembers

We especially need help in answering support questions on the mailing list:
http://groups.google.com/group/security-onion

We also need help testing new packages:
http://groups.google.com/group/security-onion-testing

Thanks!

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.