GEN:SID 1:1866
Message POP3 USER overflow attempt
Summary This event is generated when an attempt is made to overflow a buffer by supplying a very long username to a POP3 service.
Impact Serious. Several POP3 servers are vulnerable to USER buffer overflows.
Detailed Information A very long string data in place of the username can lead to a buffer overflow situation.

A buffer overflow attack can be used to execute arbitrary code (remote shell). A Denial of Service (DoS) is also possible.

Check your POP3 service for this vulnerability with common vulnerability scanners.
Affected Systems Ipswich IMail 5.0.5, 5.0.6 and 5.0.7 for Windows NT.
Other POP3 mail systems may be affected.
Attack Scenarios A attacker may first check the POP3 daemon version and try a buffer overflow attack using a long username string supplied with the USER command.

This may result in full compromise of the host. A Remote shell can be bound to a port after the attack.
Ease of Attack Simple. Exploit scripts are available.
Corrective Action Apply the appropriate vendor supplied patches.

Upgrade to the latest non-affected version of the software.

Check for other events generated by the source IP address.
Additional References  
Rule References bugtraq: 789
bugtraq: 11256
cve: 1999-0494
nessus: 10311