GEN:SID 1:1842
Message IMAP login buffer overflow attempt
Summary This event is generated when a remote attacker sends a malformed argument in the LOGIN command to an internal IMAP server, indicating an attempt to exploit a buffer overflow vulnerability in Netscape Messaging Server and University of Washington IMAP implementations.
Impact Remote execution of arbitrary code with the security privileges of the IMAP process, possibly leading to remote root compromise.
Detailed Information A buffer overflow vulnerability exists in the LOGIN command in University of Washington IMAP and Netscape Messaging Server. This can allow a remote attacker to send an LOGIN command with a malformed, overlong argument to a vulnerable IMAP server, causing a buffer overflow condition. The attacker can then execute arbitrary code on the server with the security privileges of the IMAP server process.    
Affected Systems Any operating system running Netscape Messaging Server 3.55 and earlier or University of Washington imapd 10.234 and earlier.
Attack Scenarios An attacker sends an overly long, malformed argument to an LOGIN command to a vulnerable IMAP server, causing a buffer overflow condition. The attacker is then able to execute arbitrary code on the server with the security privileges of the IMAP server process.
Ease of Attack Simple. Exploits exist.
Corrective Action Patches have been released for both UW IMAP and Netscape Messaging Server. Apply the patch or upgrade to a Netscape Messaging Server version higher than 3.55 or UW IMAP version higher than 10.234.
Additional References Bugtraq
http://www.securityfocus.com/bid/130
Rule References cve: 1999-0005
bugtraq: 502
bugtraq: 13727
cve: 1999-1557
cve: 2005-1255
nessus: 10123
nessus: 10125