iDEFENSE Security Advisory IDEF0731 – Remote exploitation of a buffer overflow vulnerability in Exim 4.41 may allow execution of arbitrary commands with elevated privileges. Exim is a message transfer agent developed for use on Unix systems. The problem specifically exists in the auth_spa_server function. The function fails to check the length of input to spa_base64_to_bits(), which decodes a Base64-encoded string into a buffer of a fixed length. This string is user-controlled and passed to the program from a remote connection.
You can download this advisory from the following link: https://packetstormsecurity.com/files/download/35648/IDEF0731.txt
Source: https://packetstormsecurity.com/files/35648/IDEF0731.txt.html