Get root access to between 40percent to 70percent of all Unix machines. It does this by exploiting a hole/feature in telnetd where environment variables are passed from the calling telnet client, to the recieving telnet daemon. These are normal env variables, such as TERM and TZ. However, there are a few which affect the runtime linker/loader (ld.so). These variables affect how ld.so finds and uses shared libraries.