GEN:SID 1:657
Message SMTP chameleon overflow
Summary This event is generated when an external user sends a HELP command with specific syntax to an internal SMTP server, which may indicate an attempt to exploit a buffer overflow vulnerability in NetManage Chameleon SMTP server.
Impact Severe. Remote execution of arbitrary code, leading to remote root compromise.
Detailed Information NetManage Chameleon SMTP server contains a buffer overflow vulnerability in the HELP command. If the HELP command is used with an argument longer than 514 characters, a buffer overflow condition occurs, allowing the execution of arbitrary code.
Affected Systems Systems running NetManage Chameleon Unix 97 or NetManage Chameleon 4.5.
Attack Scenarios An attacker sends an overly long string to a vulnerable NetManage Chameleon SMTP server in the HELP command. This causes a buffer overflow condition, allowing the attacker to execute arbitrary code on the server and obtain root privileges on the mail server.
Ease of Attack Simple.
Corrective Action Upgrade to the latest version of NetManage Chameleon SMTP server.
Additional References  
Rule References arachnids: 266
bugtraq: 2387
cve: 1999-0261