How to Buy
This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.
A mail transfer agent running on the remote host has a shell command
The remote MTA (which appears to be Exim) has a shell command execution
vulnerability. Dovecot is commonly used as a local delivery agent for
Exim. The Dovecot documentation has an insecure example for how to
configure Exim using the 'use_shell' option. If a host is using this
configuration, it is vulnerable to command injection.
A remote, unauthenticated attacker could exploit this by sending an
email to the MTA, resulting in arbitrary shell command execution.
See also :
Remove the 'use_shell' option from the Exim configuration file. Refer
to the advisory for more information.
Risk factor :
Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true
Family: SMTP problems
Nessus Plugin ID: 66373 ()
Bugtraq ID: 60465
Get Nessus Professional to scan unlimited IPs, run compliance checks & more
The cookie settings on this website are set to 'allow all cookies' to give you the very best website experience. If you continue without changing these settings, you consent to this - but if you want, you can opt out of all cookies by clicking below.