GEN:SID 1:1550
Message SMTP ETRN overflow attempt
Summary This event is generated when an external attacker attempts to exploit a buffer overflow vulnerability in the ETRN command in NetWin DMail.
Impact Severe. Remote execution of arbitrary code, leading to remote root compromise.
Detailed Information Some versions of NetWin DMail SMTP server contain a buffer overflow vulnerability in the ETRN command. An attacker can use an overly long string in an ETRN argument to cause a buffer overflow condition. This allows the attacker to crash the mail server or execute arbitrary code with root access.
Affected Systems Systems running NetWin DMail 2.8a-h or lower or NetWin DMail 2.7q or lower.
Attack Scenarios An attacker sends an ETRN command with an overly long argument to a NetWin DMail SMTP server. The attacker can then crash the mail server or execute arbitrary code with root access.
Ease of Attack Simple. Exploits exist.
Corrective Action Upgrade to NetWin DMail 2.7r or 2.8i.
Additional References CVE
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-1999-0204

Bugtraq
http://www.securityfocus.com/bid/1297
Rule References bugtraq: 7515
bugtraq: 1297
cve: 2000-0490
nessus: 10438