Exim with Dovecot use_shell Command Injection

This script is Copyright (C) 2013 Tenable Network Security, Inc.
Synopsis :

A mail transfer agent running on the remote host has a shell command
injection vulnerability.

Description :

The remote MTA (which appears to be Exim) has a shell command execution
vulnerability. Dovecot is commonly used as a local delivery agent for
Exim. The Dovecot documentation has an insecure example for how to
configure Exim using the 'use_shell' option. If a host is using this
configuration, it is vulnerable to command injection.

A remote, unauthenticated attacker could exploit this by sending an
email to the MTA, resulting in arbitrary shell command execution.

See also :

http://www.nessus.org/u?59f1529f

Solution :

Remove the 'use_shell' option from the Exim configuration file. Refer
to the advisory for more information.
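One way to audit for this before touching the configuration is to parse the transports section of the Exim config and list every pipe transport that has 'use_shell' switched on. The script below is an added example, not part of the advisory or of Exim/Dovecot; the transport name and paths in the embedded sample are assumed, while 'use_shell' (and its 'no_'/'not_' negations and '= true/false' forms) are Exim's own option syntax.

```python
import re

# Constructed sample modelled on the insecure Dovecot transport the advisory
# refers to; transport name and paths are assumed, 'use_shell' is Exim's option.
SAMPLE_EXIM_CONF = """\
begin transports
dovecot_delivery:
  driver = pipe
  command = /usr/lib/dovecot/deliver -d $local_part@$domain
  use_shell
address_pipe:
  driver = pipe
  return_output
begin retry
"""
OPTION_RE = re.compile(r"^(no_|not_)?(\w+)\s*(?:=\s*(.*))?$")

def find_use_shell_pipe_transports(conf_text):
    """Return names of pipe transports with use_shell enabled.
    With use_shell Exim hands the expanded command string to /bin/sh -c, so
    address parts like $local_part are interpreted by the shell; without it
    Exim splits the command into argv itself and expands each argument alone.
    """
    in_transports, current, info = False, None, {}
    for raw in conf_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):          # blank or comment line
            continue
        m = re.match(r"^begin\s+(\w+)", line)         # section header
        if m:
            in_transports, current = m.group(1) == "transports", None
            continue
        if not in_transports:
            continue
        m = re.match(r"^(\w+):$", line)               # start of a transport stanza
        if m:
            current = m.group(1)
            info[current] = {"driver": None, "use_shell": False}
            continue
        m = OPTION_RE.match(line) if current else None
        if not m:
            continue
        negated, name, value = m.groups()
        if name == "driver":
            info[current]["driver"] = value.strip() if value else None
        elif name == "use_shell":                     # bare, no_/not_ prefixed, or = yes/no
            on = value.strip().lower() in ("true", "yes") if value is not None else not negated
            info[current]["use_shell"] = on
    return sorted(n for n, d in info.items() if d["driver"] == "pipe" and d["use_shell"])
```

Run it over the real configuration (for example the output of `exim -bP configure_file` opened as text) and remove the option from every transport it reports.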

Risk factor :

Medium / CVSS Base Score : 6.8
(CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P)
CVSS Temporal Score : 5.6
(CVSS2#E:F/RL:OF/RC:ND)
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 66373

Bugtraq ID: 60465

CVE ID: