Due to a post from Sergey Kononenko it can be possible that the current version of Exim in Debian allows an attacker to access root through a malicious mail. He contacts the exim developers through their mailing list and describes an attack which occured in his company.
This vulnerability was already reported as a bug on the debian bug tracking system.
Let's see when exploit-db and metasploit have the first exploits ;-)
Greetz,
bluec0re
