GEN:SID 1:1634
Message POP3 PASS overflow attempt
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Artisoft XtraMail v1.11 mailserver.
Impact When succesfully exploited, the remote attacker can crash the POP3
service and possibly execute arbitrary code on the mailserver.
Detailed Information The PASS argument, used to submit authentication credentials to the
POP3 server XtraMail 1.11, has an exploitable buffer overflow condition
If a password of more than 1500 characters is submitted, the
service will crash.  This error may be exploitable further, and could
then allow the attacker to execute arbitrary code on the remote system,
under the LocalSystem account.
Affected Systems All POP3 servers running Artisoft Xtramail 1.11 on Windows.
Attack Scenarios An attacker could crash the POP server, thereby denying
legitimate users access to their e-mail.  Skilled attackers could
compromise the mailserver and obtain all incoming e-mail data.
Ease of Attack The DoS attack is trivial to execute, as only a password
longer than 1500 characters needs to be submitted.  Compromise of the
mailserver requires more skill, but exploits are available.
Corrective Action Upgrade XtraMail to the latest non-affected version of the software
Additional References Nessus
http://cgi.nessus.org/plugins/dump.php3?id=10325

CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CAN-1999-1511

Bugtraq
http://www.securityfocus.com/bid/791
Rule References bugtraq: 791
cve: 1999-1511
nessus: 10325