Exim with Dovecot use_shell Command Injection

medium Nessus Plugin ID 66373


A mail transfer agent running on the remote host has a shell command injection vulnerability.


The remote MTA (which appears to be Exim) has a shell command execution vulnerability. Dovecot is commonly used as a local delivery agent for Exim. The Dovecot documentation has an insecure example for how to configure Exim using the 'use_shell' option. If a host is using this configuration, it is vulnerable to command injection.

A remote, unauthenticated attacker could exploit this by sending an email to the MTA, resulting in arbitrary shell command execution.


Remove the 'use_shell' option from the Exim configuration file. Refer to the advisory for more information.

See Also


Plugin Details

Severity: Medium

ID: 66373

File Name: exim_use_shell_rce.nasl

Version: 1.10

Type: remote

Published: 5/10/2013

Updated: 3/6/2019

Risk Information


Risk Factor: Medium

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Vulnerability Information

CPE: cpe:/a:exim:exim, cpe:/a:dovecot:dovecot

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/3/2013

Exploitable With

Metasploit (Exim and Dovecot Insecure Configuration Command Injection)

Reference Information

BID: 60465