Vulnerability & Exploit Database

Exim and Dovecot Insecure Configuration Command Injection

This module exploits a command injection vulnerability against Dovecot with Exim using the "use_shell" option. It uses the sender's address to inject arbitrary commands, since this is one of the user-controlled variables. It has been successfully tested on Debian Squeeze using the default Exim4 with the dovecot-common packages.
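For defenders, the condition described above can be checked in an Exim configuration file. The following is an added example, not code from the module or from Exim or Dovecot: it lists pipe transports that have "use_shell" enabled and notes whether the command expands the sender's address. The sample configuration, the transport names and the function names are constructed for illustration.

```python
import re

# Constructed sample Exim configuration (not taken from the page or a real host).
SAMPLE_CONFIG = r'''
begin transports
dovecot_deliver:
  driver = pipe
  command = /usr/lib/dovecot/deliver \
            -f "$sender_address"
  use_shell

local_pipe:
  driver = pipe
  command = /usr/local/bin/filter -f "$sender_address"
begin retry
'''

def parse_transports(text):
    """Return {transport_name: {option: value}} for the 'transports' section."""
    text = re.sub(r"\\\n\s*", "", text)  # join backslash-continued lines
    transports, section, current = {}, None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = re.match(r"begin\s+(\w+)$", line)
        if m:
            section, current = m.group(1), None
        elif section == "transports":
            if re.match(r"\w+:$", line):  # "name:" opens a transport block
                current = transports.setdefault(line[:-1], {})
            elif current is not None:
                key, sep, value = (p.strip() for p in line.partition("="))
                if not sep:  # bare boolean: "use_shell", "no_use_shell", "not_use_shell"
                    negated = re.match(r"not?_(\w+)$", key)
                    key, value = (negated.group(1), "false") if negated else (key, "true")
                current[key] = value
    return transports

def audit(text):
    """List pipe transports that hand their command line to a shell."""
    findings = []
    for name, opts in parse_transports(text).items():
        shell = opts.get("use_shell", "false").lower() in {"true", "yes"}
        if opts.get("driver") == "pipe" and shell:
            sender = bool(re.search(r"\$\{?sender_address", opts.get("command", "")))
            findings.append({"transport": name, "sender_in_command": sender})
    return findings
```

Running audit() over the text of a configuration file returns one entry per flagged transport; a transport without "use_shell" is not reported, because the pipe transport then runs the command directly instead of passing it to a shell.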

Module Name

exploit/linux/smtp/exim4_dovecot_exec

Authors

  • Unknown
  • eKKiM
  • juan vazquez <juan.vazquez [at] metasploit.com>

References

Targets

  • Linux x86

Platforms

  • linux

Architectures

  • x86

Reliability

Development

Module Options

To display the available options, load the module within the Metasploit console and run the commands 'show options' or 'show advanced':

msf > use exploit/linux/smtp/exim4_dovecot_exec
msf exploit(exim4_dovecot_exec) > show targets
    ...targets...
msf exploit(exim4_dovecot_exec) > set TARGET <target-id>
msf exploit(exim4_dovecot_exec) > show options
    ...show and set options...
msf exploit(exim4_dovecot_exec) > exploit