[go: up one dir, main page]
Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add Sigma rule for CVE-2024-38063 IPv6 memory corruption detection #4988

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

Add Sigma rule for CVE-2024-38063 IPv6 memory corruption detection #4988

wants to merge 1 commit into from
+28 −0

Conversation

zenzue
Copy link
@zenzue zenzue commented Aug 28, 2024
edited

add rule for contribute

Summary of the Pull Request

This pull request introduces a new Sigma rule designed to detect exploitation attempts associated with CVE-2024-38063. The rule identifies specific network traffic patterns that may indicate an attempt to exploit memory corruption vulnerabilities in systems using IPv6.

Changelog

new: CVE-2024-38063_ipv6_memory_corruption_detection.yml - Adds a rule for detecting suspicious IPv6 packet patterns that may indicate exploitation of CVE-2024-38063.

Example Log Event

{
    "protocol": "IPv6",
    "events": {
        "FragmentationEvent": true,
        "AnomalousIPv6OptionHeaderEvent": true
    },
    "packet_length": "1337",
    "src_ip": "2001:db8::1",
    "dst_ip": "2001:db8::2",
    "info": "Detected packet with potentially malicious fragmentation and option headers"
}

Fixed Issues

https://techcommunity.microsoft.com/t5/windows-server-for-it-pro/cve-2024-38063-disabling-ipv6-binding-fix-or-not/td-p/4220374

SigmaHQ Rule Creation Conventions

  • If your PR adds new rules, please consider following and applying these conventions

@zenzue
Add files via upload
1ef759c 
add rule for contribute
github-actions[bot]
github-actions bot reviewed Aug 28, 2024
View reviewed changes
Copy link
Contributor
@github-actions github-actions bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Welcome @zenzue 👋

It looks like this is your first pull request on the Sigma rules repository!

Please make sure to read the SigmaHQ conventions document to make sure your contribution is adhering to best practices and has all the necessary elements in place for a successful approval.

Thanks again, and welcome to the Sigma community! 😃

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@github-actions GitHub Actions github-actions left review comments

Assignees
No one assigned
Labels
Emerging-Threats Rules
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

None yet
1 participant
@zenzue