GEN:SID 1:2183
Message: SMTP Content-Transfer-Encoding overflow attempt
Summary: This event is generated when an attempt is made to exploit a known
vulnerability in certain versions of Sendmail.
Impact: Denial of Service (DoS) and possible arbitrary code execution. A
remote attacker can gain access to a machine with the credentials of
the user running the Sendmail daemon, usually 'root'.
Detailed Information: A vulnerability exists in the Sendmail MTA daemon that
could allow an attacker to gain root access.

A programming error allows a buffer overflow to be triggered through
the header fields in an SMTP session. The prescan() function does
not properly handle certain conversions between character and integer
types. This can cause Sendmail to interpret the converted value as a
special control value (NOCHAR).
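
The conversion problem described above can be shown with a small model. This is an added example, not Sendmail's code and not part of the original rule documentation. The value -1 for NOCHAR, the scan() loop and the widen_* helpers are assumptions made for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Sentinel for "no character pending"; the value -1 is an assumption of this model. */
#define NOCHAR (-1)

/* Flawed widening: sign extension turns the data byte 0xFF into -1. */
static int widen_flawed(signed char c) { return c; }

/* Corrected widening: via unsigned char, every byte maps to 0..255. */
static int widen_safe(signed char c) { return (unsigned char)c; }

/*
 * Hypothetical scanner loop. Bytes equal to NOCHAR after widening are
 * treated as control values and skipped; all others are counted as data.
 * Returns the number of input bytes mistaken for the sentinel.
 */
static size_t scan(const char *in, size_t len, int safe, size_t *stored)
{
    size_t mistaken = 0;
    *stored = 0;
    for (size_t i = 0; i < len; i++) {
        signed char raw = (signed char)in[i];
        int c = safe ? widen_safe(raw) : widen_flawed(raw);
        if (c == NOCHAR) {      /* data byte collides with the sentinel */
            mistaken++;
            continue;
        }
        (*stored)++;
    }
    return mistaken;
}

int main(void)
{
    /* Constructed sample input: four ASCII bytes and two 0xFF bytes. */
    static const char sample[] = { 'a', (char)0xFF, 'b', 'c', (char)0xFF, 'd' };
    size_t stored;
    size_t bad = scan(sample, sizeof sample, 0, &stored);
    printf("flawed: %zu mistaken, %zu stored\n", bad, stored);
    bad = scan(sample, sizeof sample, 1, &stored);
    printf("safe:   %zu mistaken, %zu stored\n", bad, stored);
    return 0;
}
```

With the flawed widening, attacker-supplied data bytes are indistinguishable from the parser's own control value, so any bookkeeping that depends on that distinction goes wrong. Widening through unsigned char removes the collision.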

This rule detects attacks from specific exploit code against a server
running Sendmail.
Affected Systems:
    Sendmail Pro (all versions)
    Sendmail Switch 2.1 prior to 2.1.6
    Sendmail Switch 2.2 prior to 2.2.6
    Sendmail Switch 3.0 prior to 3.0.4
    Sendmail for NT 2.X prior to 2.6.3
    Sendmail for NT 3.0 prior to 3.0.4
    Systems running open-source sendmail versions prior to 8.12.9, including UNIX and Linux systems
Attack Scenarios: The attacker merely needs to execute one of the available exploit
scripts.
Ease of Attack: Simple. Exploits for this vulnerability exist.
Corrective Action: Upgrade to the latest version of the software.

Apply the appropriate vendor-supplied patches.
Additional References:
Rule References:
    cve: 2003-0161
    url: www.cert.org/advisories/CA-2003-12.html