GEN:SID 1:1549
Message SMTP HELO overflow attempt
Summary This event is generated when an attempt is made to overflow a buffer in an SMTP server via a long SMTP HELO command.
Impact A remote attacker could exploit this vulnerability to cause a denial of service, or possibly execute arbitrary code.
Detailed Information Most SMTP servers do not properly validate the input string. A buffer overflow may occur when an attacker use a HELO command followed by 1024+ characters. If the server is vulnerable ,it will crash or close the connection, otherwise it will give an error message.
Affected Systems SMTP servers Any version
    AppleShare IP Mail Server Any version
    Mercury Mail Server Any version
    SLMail v2.6 and earlier
    
Attack Scenarios telnet victim.foo.com 25
helo victim
220 victim SMTP Server Ready
HELO XXXXXXXXXXX[a thousand of these]XXXXXXXX
Ease of Attack Simple.
Corrective Action Upgrade to the latest non-affected version of the software
Additional References  
Rule References bugtraq: 7726
bugtraq: 895
cve: 2000-0042
nessus: 10324
nessus: 11674