Exim with Dovecot use_shell Command Injection
Medium Nessus Plugin ID 66373
Synopsis
A mail transfer agent running on the remote host has a shell command injection vulnerability.
Description
The remote MTA (which appears to be Exim) has a shell command execution vulnerability. Dovecot is commonly used as a local delivery agent for Exim. The Dovecot documentation contains an insecure example of how to configure Exim using the 'use_shell' option. A host that uses this configuration is vulnerable to command injection.
A remote, unauthenticated attacker could exploit this by sending an email to the MTA, resulting in arbitrary shell command execution.
Solution
Remove the 'use_shell' option from the Exim configuration file. Refer to the advisory for more information.
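A configuration check a defender can run locally to find the condition described above, added here as an example and not Tenable/Nessus code. It assumes standard Exim option syntax (a bare option name means true, a 'no_' prefix negates it, a trailing backslash continues a line) and the sample configuration at the bottom is constructed, with one transport that still carries 'use_shell' and one that has it removed.

```python
import re

# Added example, not Tenable/Nessus code: flag Exim pipe transports that have use_shell enabled.
BLOCK_RE = re.compile(r"^([A-Za-z0-9_]+):\s*$")  # "name:" opens a transport (or router) block
OPTION_RE = re.compile(r"^(no_|not_)?([A-Za-z0-9_]+)\s*(?:=\s*(.*))?$")

def _logical_lines(text):
    """Drop comments and blank lines; join backslash-continued lines into one."""
    lines, buf = [], ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            buf += line[:-1]
            continue
        lines.append(buf + line)
        buf = ""
    return lines + ([buf] if buf else [])

def find_shell_pipe_transports(config_text):
    """Return names of blocks with driver = pipe and use_shell on (pipe is a transport-only driver)."""
    current, blocks = None, {}
    for line in _logical_lines(config_text):
        m = BLOCK_RE.match(line)
        if m:
            current = m.group(1)
            blocks[current] = {}
            continue
        m = OPTION_RE.match(line)
        if m and current:
            negated, name, value = m.group(1), m.group(2), (m.group(3) or "").strip().lower()
            if name == "driver":
                blocks[current]["driver"] = value
            elif name == "use_shell":  # bare name means true; no_use_shell / = false disable it
                blocks[current]["use_shell"] = not negated and value in ("", "true", "yes")
    return sorted(n for n, o in blocks.items() if o.get("driver") == "pipe" and o.get("use_shell"))

# Constructed sample: the first transport keeps the insecure use_shell, the second has it removed.
SAMPLE_CONFIG = """
begin transports
dovecot_lda:
  driver = pipe
  command = /usr/lib/dovecot/dovecot-lda -f $sender_address \\
            -d $local_part@$domain
  use_shell
dovecot_lda_fixed:
  driver = pipe
  command = /usr/lib/dovecot/dovecot-lda -f $sender_address -d $local_part@$domain
"""
```

Without 'use_shell', Exim splits the command into arguments before expanding each one, so a crafted sender address stays a single argument instead of being interpreted by /bin/sh.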