Exim is vulnerable to privilege escalation. If an attacker were able to gain access to the “exim” user, they could cause Exim to execute arbitrary commands as the root user.
bugs.exim.org/show_bug.cgi?id=1044
lists.exim.org/lurker/message/20101209.172233.abcba158.en.html
lists.exim.org/lurker/message/20101210.164935.385e04d0.en.html
lists.opensuse.org/opensuse-security-announce/2010-12/msg00003.html
openwall.com/lists/oss-security/2010/12/10/1
secunia.com/advisories/42576
secunia.com/advisories/42930
secunia.com/advisories/43128
secunia.com/advisories/43243
www.cpanel.net/2010/12/critical-exim-security-update.html
www.debian.org/security/2010/dsa-2131
www.debian.org/security/2011/dsa-2154
www.exim.org/lurker/message/20101207.215955.bb32d4f2.en.html
www.kb.cert.org/vuls/id/758489
www.metasploit.com/modules/exploit/unix/smtp/exim4_string_format
www.openwall.com/lists/oss-security/2021/05/04/7
www.redhat.com/support/errata/RHSA-2011-0153.html
www.securityfocus.com/archive/1/515172/100/0/threaded
www.securityfocus.com/bid/45341
www.securitytracker.com/id?1024859
www.theregister.co.uk/2010/12/11/exim_code_execution_peril/
www.ubuntu.com/usn/USN-1060-1
www.vupen.com/english/advisories/2010/3171
www.vupen.com/english/advisories/2010/3204
www.vupen.com/english/advisories/2011/0135
www.vupen.com/english/advisories/2011/0245
www.vupen.com/english/advisories/2011/0364
access.redhat.com/errata/RHSA-2011:0153
access.redhat.com/security/cve/CVE-2010-4345
access.redhat.com/security/updates/classification/#moderate
bugzilla.redhat.com/show_bug.cgi?id=662012