This script is Copyright (C) 2013 Tenable Network Security, Inc.
A mail transfer agent running on the remote host has a shell command
The remote MTA (which appears to be Exim) has a shell command execution
vulnerability. Dovecot is commonly used as a local delivery agent for
Exim. The Dovecot documentation has an insecure example for how to
configure Exim using the 'use_shell' option. If a host is using this
configuration, it is vulnerable to command injection.
A remote, unauthenticated attacker could exploit this by sending an
email to the MTA, resulting in arbitrary shell command execution.
See also :
Remove the 'use_shell' option from the Exim configuration file. Refer
to the advisory for more information.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.6
Public Exploit Available : true
Family: SMTP problems
Nessus Plugin ID: 66373 ()
Bugtraq ID: 60465