Exim with Dovecot use_shell Command Injection

Medium Nessus Plugin ID 66373

Synopsis

A mail transfer agent running on the remote host has a shell command injection vulnerability.

Description

The remote MTA (which appears to be Exim) has a shell command execution vulnerability. Dovecot is commonly used as a local delivery agent for Exim. The Dovecot documentation has an insecure example for how to configure Exim using the 'use_shell' option. If a host is using this configuration, it is vulnerable to command injection.

A remote, unauthenticated attacker could exploit this by sending an email to the MTA, resulting in arbitrary shell command execution.

Solution

Remove the 'use_shell' option from the Exim configuration file. Refer to the advisory for more information.
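One way to audit a configuration for the option named in the solution, as an added example that is not part of the Nessus plugin or the advisory. The sample configuration, transport names and delivery-agent path are constructed placeholders; the check relies on Exim's boolean option syntax, where a bare name or `= true`/`= yes` enables an option and a `no_`/`not_` prefix or `= false`/`= no` disables it.

```python
import re

# Constructed sample configuration (not taken from the advisory); transport
# names and the delivery-agent path are placeholders.
SAMPLE_CONFIG = """\
begin routers
localuser:
  driver = accept
  transport = lda_shell

begin transports
lda_shell:
  driver = pipe
  command = /usr/local/libexec/example-lda
  use_shell

lda_direct:
  driver = pipe
  command = /usr/local/libexec/example-lda
  no_use_shell

lda_explicit:
  driver = pipe
  command = /usr/local/libexec/example-lda
  use_shell = yes
"""

# Matches "use_shell", "no_use_shell", "not_use_shell", "use_shell = <word>".
BOOL = re.compile(r"^(no_|not_)?use_shell\s*(?:=\s*(\w+))?$")

def transports_with_use_shell(config_text):
    """Return the names of transports in which use_shell is switched on."""
    flagged, section, name = [], None, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or comment line
            continue
        if line.lower().startswith("begin "):     # new configuration section
            section, name = line.split()[1].lower(), None
        elif section == "transports":
            if re.fullmatch(r"[\w-]+:", line):    # start of a transport block
                name = line[:-1]
            elif name and (m := BOOL.match(line)):
                value = (m.group(2) or "true").lower()
                if value in ("true", "yes") and not m.group(1):
                    flagged.append(name)
    return flagged

if __name__ == "__main__":
    print(transports_with_use_shell(SAMPLE_CONFIG))
```

Any transport the function reports is a candidate for the fix above: remove the 'use_shell' option from that transport.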

See Also

http://www.nessus.org/u?59f1529f

Plugin Details

Severity: Medium

ID: 66373

File Name: exim_use_shell_rce.nasl

Version: 1.10

Type: remote

Published: 2013/05/10

Updated: 2019/03/06

Dependencies: 10263

Risk Information

Risk Factor: Medium

CVSS v2.0

Base Score: 6.8

Temporal Score: 5.3

Vector: CVSS2#AV:N/AC:M/Au:N/C:P/I:P/A:P

Temporal Vector: CVSS2#E:POC/RL:OF/RC:ND

Vulnerability Information

CPE: cpe:/a:exim:exim, cpe:/a:dovecot:dovecot

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 2013/05/03

Exploitable With

Metasploit (Exim and Dovecot Insecure Configuration Command Injection)

Reference Information

BID: 60465

EDB-ID: 25297, 25970