To be specific, the zlib'd binary basically does this (except that it directly uses Linux syscalls to do so rather then C wrappers):
setuid(0);
execve("/bin/sh", NULL, NULL);
exit(0);To be specific, the zlib'd binary basically does this (except that it directly uses Linux syscalls to do so rather then C wrappers):
setuid(0);
execve("/bin/sh", NULL, NULL);
exit(0);