Exim before 4.86.2, when installed setuid root, allows local users to gain privileges via the perl_startup argument.
lists.opensuse.org/opensuse-security-announce/2016-03/msg00026.html
packetstormsecurity.com/files/136124/Exim-4.84-3-Local-Root-Privilege-Escalation.html
www.debian.org/security/2016/dsa-3517
www.exim.org/static/doc/CVE-2016-1531.txt
www.rapid7.com/db/modules/exploit/unix/local/exim_perl_startup
www.securitytracker.com/id/1035512
www.ubuntu.com/usn/USN-2933-1
www.exploit-db.com/exploits/39535/
www.exploit-db.com/exploits/39549/
www.exploit-db.com/exploits/39702/