Exploit:

  There is a bug in NET-net2 version of login.c which allows  anyone
  who has an  account on the  machine to gain  root priviledges. The
  version of login.c has the fallowing sccsid line:

    static char sccsid[]="@(#)login.c  5.73 (Berkeley) 6/29/91"

  The bug  is that  it doesn't  reset the  root login  flag after an
  unsuccessful attempt to login as root. The upshot of this is  that
  if a person first attempts to  login as root, fails, then logs  in
  as him/herself, he/she has a uid of 0!