Several websites comment the root exploit in Exim that was published last week. In a nutshell, there is a memory corruption  in the string_format() function, that is triggered  in the e-mail headers.

What worries me is:

The flaw has been remedied In the Exim sources since version 4.70, released at the end of 2008. The correction was not, however, marked as relevant for security and therefore was not included in older versions. Debian’s stable Lenny distribution still uses Exim 4.69, while Red Hat has 4.43. 

Details from H-Security Initial report and fixes

Exim’s bug report

Kingcope’s exploit