Critical hole in the Exim Mail server closed
A missing format specification in a logging function of the free Mail Transfer Agent Exim has been identified by the developers as offering an attacker a chance to execute arbitrary code on the server.
The particular line of code wrote a string directly to the logfile. An attacker could exploit this by adding particular formatting instructions into the DKIM information string in an incoming email which would allow them to inject their own code and run it with the rights of the mail server. Although no exploit is known to exist, the developers believe that an experienced attacker would not find an exploit hard to construct.
You don't need to be a genius to debug a pf.conf firewall ruleset, you just need the guts to run tcpdump