Exim with Dovecot use_shell Command Injection

medium Nessus Plugin ID 66373

Synopsis

A mail transfer agent running on the remote host has a shell command injection vulnerability.

Description

The remote MTA (which appears to be Exim) has a shell command execution vulnerability. Dovecot is commonly used as a local delivery agent for Exim. The Dovecot documentation has an insecure example for how to configure Exim using the 'use_shell' option. If a host is using this configuration, it is vulnerable to command injection.

A remote, unauthenticated attacker could exploit this by sending an email to the MTA, resulting in arbitrary shell command execution.

Solution

Remove the 'use_shell' option from the Exim configuration file. Refer to the advisory for more information.

See Also

http://www.nessus.org/u?59f1529f

Plugin Details

Severity: Medium

ID: 66373

File Name: exim_use_shell_rce.nasl

Version: 1.10

Type: remote

Published: 5/10/2013

Updated: 3/6/2019

Supported Sensors: Nessus

Vulnerability Information

CPE: cpe:/a:exim:exim, cpe:/a:dovecot:dovecot

Exploit Available: true

Exploit Ease: Exploits are available

Vulnerability Publication Date: 5/3/2013

Exploitable With

Metasploit (Exim and Dovecot Insecure Configuration Command Injection)

Reference Information

BID: 60465