Debian Security Advisory

imap4 -- The imapd, pop2d and pop3d servers allow remote, unauthenticated root access.

Date Reported:
02 Mar 1997
Affected Packages:
Security database references:
No other external database security references currently available.
More information:
Secure Networks Inc. Security Advisory SNI-08 excerpt:

In essence this will allow any client with the ability to attempt a login to enter an overly long username to cause arbitrary machine code to execute.