GEN:SID 1:2104
Message ATTACK-RESPONSES rexec username too long response
Summary This event is generated when an attempt is made to exploit a vulnerability in the rexec daemon is unsucessful. This event is an indication that someone supplied an overly long username to the rexec daemon.
Impact Serious.  An attacker may gain escalated privileges offering super user access on the affected host.
Detailed Information Rexec offers users the ability to execute commands on a host from remote locations.

A vulnerability exists such that an when an overly long username is supplied to the rexec daemon, a buffer overflow condition may occur thus presenting the attacker with the opportunity to execute arbitrary code and possibly gain escalated privileges on the target host.
Affected Systems  
Attack Scenarios Simple.
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software.

Disallow rexec commands from sources external to the protected network.
Additional References  
Rule References bugtraq: 7459