Exim with Dovecot use_shell Command Injection

This script is Copyright (C) 2013-2016 Tenable Network Security, Inc.

Synopsis :

A mail transfer agent running on the remote host has a shell command
injection vulnerability.

Description :

The remote MTA (which appears to be Exim) has a shell command execution
vulnerability. Dovecot is commonly used as a local delivery agent for
Exim. The Dovecot documentation has an insecure example for how to
configure Exim using the 'use_shell' option. If a host is using this
configuration, it is vulnerable to command injection.

A remote, unauthenticated attacker could exploit this by sending an
email to the MTA, resulting in arbitrary shell command execution.

See also :


Solution :

Remove the 'use_shell' option from the Exim configuration file. Refer
to the advisory for more information.
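
One way to audit a configuration for this setting, as an added example that is not part of the plugin or the advisory. It assumes a single monolithic Exim configuration file; the sample configuration, the transport names and the delivery agent path are constructed, and the function names are hypothetical.

```python
import re

# Constructed sample configuration (not taken from the advisory or any real host).
SAMPLE_CONFIG = r"""
begin transports
# hands mail to the local delivery agent
dovecot_deliver:
  driver = pipe
  command = /usr/lib/dovecot/deliver \
            -e -k
  use_shell
safe_deliver:
  driver = pipe
  command = /usr/lib/dovecot/deliver -e -k
  no_use_shell
begin retry
"""

def logical_lines(text):
    """Yield option lines with comments dropped and backslash continuations joined."""
    buf = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not buf and (not line or line.startswith("#")):
            continue
        if line.endswith("\\"):
            buf += line[:-1].rstrip() + " "
            continue
        yield buf + line
        buf = ""

def find_use_shell(text):
    """Return the transports in which the boolean option use_shell is switched on."""
    section, name, flagged = "main", None, []
    for line in logical_lines(text):
        if m := re.fullmatch(r"begin\s+(\w+)", line):
            section, name = m.group(1), None
        elif section != "transports":
            continue
        elif m := re.fullmatch(r"(\w+)\s*:", line):
            name = m.group(1)
        elif name and (m := re.fullmatch(r"(no_|not_)?use_shell(?:\s*=\s*(\w+))?", line)):
            # Exim booleans: bare name or "= true/yes" is on; no_/not_ or "= false/no" is off
            value = (m.group(2) or "true").lower()
            if not m.group(1) and value in ("true", "yes"):
                flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(find_use_shell(SAMPLE_CONFIG))
```

Any transport this returns is a candidate for the fix above; run it against the configuration Exim actually loads, since included files are not followed.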

Risk factor :

Medium / CVSS Base Score : 6.8
CVSS Temporal Score : 5.3
Public Exploit Available : true

Family: SMTP problems

Nessus Plugin ID: 66373

Bugtraq ID: 60465

