GEN:SID 1:1635
Message POP3 APOP overflow attempt
Summary This event is generated when an attempt is made to exploit a potential
buffer overflow using the APOP command.  If running a vulnerable mail
server, such as older XMail versions, this attack may lead to remote
execution of arbitrary code.
Impact When succesfully exploited, the remote attacker can crash the POP3
service or execute arbitrary code on the mailserver.
Detailed Information The APOP command, used to submit authentication credentials to the POP3
server, has an overflowable buffer in XMail 0.58 and earlier.  If an
argument to the APOP command is longer than 256 characters, the service
will crash.  This error may be exploitable further, and could then allow
the attacker to execute arbitrary code on the remote system.
Affected Systems XMail 0.58 or earlier
Attack Scenarios An attacker could crash the POP server, thereby denying
legitimate users access to their e-mail.  Skilled attackers could
compromise the mailserver and obtain all incoming e-mail data.
Ease of Attack The DoS attack is trivial to execute, as only an argument
longer than 256 characters needs to be submitted.  Compromise of the
mailserver requires more skill, but has been proven to be possible..
Corrective Action Upgrade the XtraMail installation to a more recent
version.  The most recent versions can always be found on the vendor's
website, http://www.xmailserver.org/
Additional References Nessus
http://cgi.nessus.org/plugins/dump.php3?id=10559

Bugtraq
http://www.securityfocus.com/bid/1652

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-0841
Rule References bugtraq: 1652
cve: 2000-084103
Error: Unknown reference type: BACKDOOR subseven 22
arachnids: 485
url: www.hackfix.org/subseven/