GEN:SID 1:1972
Message FTP PASS overflow attempt
Summary This event is generated when an attempt is made to exploit a buffer overflow vulnerability associated with BlackMoon FTP server PASS command.
Impact Remote access.  A successful attack may permit the remote execution of arbitrary commands with privileges of the process running the BlackMoon FTP server.
Detailed Information The BlackMoon FTP server offers FTP software for Windows hosts.  A vulnerability exists with the PASS command that can cause a buffer overflow and permit the execution of arbitrary commands with the privileges of the process running the BlackMoon FTP server.  The buffer overflow can be caused by supplying an overly long argument with the PASS command.  
Affected Systems Hosts running BlackMoon FTP Server 1.0 through 1.5.
Attack Scenarios An attacker can supply an overly long file argument with the PASS command, causing a buffer overflow.
Ease of Attack Simple.  
Corrective Action Upgrade to the latest non-affected version of the software.
Additional References CVE:
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2002-0126
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-2000-1035
Rule References bugtraq: 10078
bugtraq: 10720
bugtraq: 1690
bugtraq: 3884
bugtraq: 8601
bugtraq: 9285
cve: 1999-1519
cve: 1999-1539
cve: 2000-1035
cve: 2002-0126
cve: 2002-0895