Several websites comment the root exploit in Exim that was published last week. In a nutshell, there is a memory corruption in the string_format() function, that is triggered in the e-mail headers.
What worries me is:
The flaw has been remedied In the Exim sources since version 4.70, released at the end of 2008. The correction was not, however, marked as relevant for security and therefore was not included in older versions. Debian’s stable Lenny distribution still uses Exim 4.69, while Red Hat has 4.43.