CVE-2023-4911 Scenario

« CVE-2023-4911 »
v0.5 by crowdsecurity
Attack scenarioservice:linuxspoofable:0MITRE:T1548confidence:1

exploitation of CVE-2023-4911: segfaulting in dynamic loader

Installation

cscli scenarios install crowdsecurity/CVE-2023-4911

YAML Configuration

1type: trigger
2name: crowdsecurity/CVE-2023-4911
3description: "exploitation of CVE-2023-4911: segfaulting in dynamic loader"
4filter: "evt.Meta.log_type == 'kernel' && evt.Meta.sub_log_type == 'segfault' && evt.Meta.library startsWith 'ld-linux-'"
5blackhole: 1m
6labels:
7  confidence: 1
8  spoofable: 0
9  classification:
10    - attack.T1548.004
11  behavior: "linux:exploitation"
12  label: "CVE-2023-4911"
13  service: linux
14  remediation: false
15scope:
16  type: exe
17  expression: evt.Meta.binary
18

Hub configuration

« CVE-2023-4911 »v0.5 by crowdsecurityAttack scenarioservice:linuxspoofable:0MITRE:T1548confidence:1

« CVE-2023-4911 »
v0.5 by crowdsecurity
Attack scenarioservice:linuxspoofable:0MITRE:T1548confidence:1