I don't think so? It's a buffer overflow in the system call.
replyI just read that it was spilling into argv or something and assumed the vector was somehow injecting arguments or something.
replyThe exploit is injecting environment variables, but yes, close enough. You need someone to call execve as root in order to become root, but you don't need a setuid binary.
reply[dead]
reply