GEN:SID 1:2120
Message IMAP create literal buffer overflow attempt
Summary This event is generated when a remote user uses the IMAP CREATE command to send a suspiciously long string to port 143 on an internal server. This may indicate an attempt to exploit a buffer overflow vulnerability in the IMAP CREATE command in the Alt-N MDaemon IMAP server.
Impact Remote execution of arbitrary code, which could allow an attacker to interfere with or crash mail services. The attacker must have a valid IMAP account and must be authenticated by the mail server to attempt this exploit.
Detailed Information This event may indicate an attempt to exploit a buffer overflow vulnerability in the Alt-N MDaemon IMAP server CREATE command. If an authenticated user creates a folder with a sufficiently long name on the Alt-N MDaemon IMAP server, arbitrary commands can be executed with system privileges.
Affected Systems Any operating system that runs Alt-N MDaemon 6.7.5 or Alt-N MDaemon 6.7.9 IMAP servers.
Attack Scenarios An authenticated user can create a new folder with a sufficiently long name, creating a buffer overflow condition. The attacker can then execute arbitrary code with system privileges, which may allow the attacker to interfere with or crash mail services.
Ease of Attack Exploits exist, but the user must have an account and be authenticated before attempting the exploit.
Corrective Action Upgrade to Alt-N MDaemon 6.7.10 or later.
Additional References Bugtraq
http://www.securityfocus.com/bid/7446

Nessus
http://cgi.nessus.org/plugins/dump.php3?id=11577
Rule References bugtraq: 7446