Detect Baron Samedit CVE-2021-3156 Segfault
Description
This search detects the heap-based buffer overflow in sudoedit.
Help |
---|
Requires a Splunk Universal Forwarder running on Linux systems (tested on CentOS and Ubuntu) where segfaults are being logged. The detection also captures instances where the exploit has been compiled into a binary. It looks for more than 5 events containing both sudoedit and segfault on a single host over your search time period. |
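
The counting rule described above, run over sample log lines as an added Python example; it is not the Splunk search this page refers to. It assumes traditional syslog lines (`Mon DD HH:MM:SS host message`); the host names and every log line are constructed for illustration.

```python
import re
from collections import Counter

THRESHOLD = 5  # the page's rule: more than 5 matching events on one host

# Assumed layout: traditional syslog prefix "Mon DD HH:MM:SS host message"
SYSLOG = re.compile(r"^\w{3}\s+\d+\s[\d:]{8}\s(?P<host>\S+)\s(?P<msg>.*)$")


def is_match(msg):
    """True only when 'sudoedit' and 'segfault' appear in the same event."""
    low = msg.lower()
    return "sudoedit" in low and "segfault" in low


def detect(lines, threshold=THRESHOLD):
    """Return {host: count} for hosts with more than `threshold` matching events."""
    counts = Counter()
    for line in lines:
        m = SYSLOG.match(line)
        if m and is_match(m.group("msg")):
            counts[m.group("host")] += 1
    return {host: n for host, n in counts.items() if n > threshold}


def _seg(host, proc, pid, sec):
    """Build one constructed kernel segfault line for the sample data."""
    return (f"Jan 27 10:15:{sec:02d} {host} kernel: [ 9042.{pid}] {proc}[{pid}]: "
            "segfault at 0 ip 00007f3b1c2a4e5d sp 00007ffd5e3a1b20 "
            "error 4 in libc-2.31.so[7f3b1c140000+178000]")


# Constructed sample: web01 crosses the threshold, db02 sits exactly on it,
# app03 has segfaults from another process plus a sudoedit line without a segfault.
SAMPLE = (
    [_seg("web01", "sudoedit", 3000 + i, i) for i in range(6)]
    + [_seg("db02", "sudoedit", 4000 + i, i) for i in range(5)]
    + [_seg("app03", "nginx", 5000 + i, i) for i in range(7)]
    + ["Jan 27 10:16:00 app03 sudo: alice : TTY=pts/0 ; PWD=/home/alice ; "
       "USER=root ; COMMAND=sudoedit /etc/hosts"]
)

if __name__ == "__main__":
    for host, n in detect(SAMPLE).items():
        print(f"{host}: {n} sudoedit segfault events")
```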