A flaw was found in exim, in which if the server configuration uses the ${sort } expansion, then this could be controlled by the remote attacker , resulting in the attacker able to execute programs with root privileges. Note: The default config, as shipped by exim upstream, does not contain ${sort }.