source: wwwsecurityfocuscom/bid/346/info
A buffer overflow exists in IRIX 5x and 6x 'df' utility, from Silicon Graphics Inc By supplying a long argument to the -f option of df, a user can crash the df program By carefully crafting a buffer containing machine executable code, an attacker can run arbitrary commands as root
/* /bin/df ...